Building a user authorization system in PHP – Part II

August 26, 2006 at 8:18 pm Leave a comment

Hashing passwords

In the last walkthrough you should have created a script that allows user to enter information in the HTML form and then stores this information in the database. The most obvious security hole is that we store password in the database in plain text. If somebody will be able to get the contents of your database, all user passwords will be in plain view to see.

This part of tutorial helps you learn how to make the passwords more secure. The common practice for storing passwords is storing a hash of a password, which is a scrambled copy of it. There is no easy way to decrypt the password, so this set up is much more secure. You will then compare the hash stored in MySQL with the hash of the user-input password. If both hashes are identical, then the password is correct.

There are 2 basic algorythms: SHA1 and MD5. Because a specific password always corresponds to a specific hash value, the attacker does not need to brute-force the hash to get the underlying password. If you build a database of all possible passwords, you can get the plain-text password by doing a hash lookup in the database. Here is an example: MD5 lookup. As there are no reliable SHA1 lookup services at the moment, it is safer to use this algorythm with some kind of modification (called salt). Here’s the line you need to add to your register.php:

$password = sha1(sha1($password).”mysecretcode”);


Entry filed under: Uncategorized.

Building a user authorization system in PHP – part I Ruby rails version

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Recent posts

Starting to learn Rails?


Get Kindle - the best e-book reader, that I personally use, and the only one that you can read on the beach - very useful: Kindle Wireless Reading Device (6" Display, Global Wireless, Latest Generation)

%d bloggers like this: