<p>I would recommend using the <a href="http://pear.php.net/package/Text_Password" rel="nofollow noreferrer">Text_Password package</a> from PEAR. Don't try to reinvent this wheel.</p> <p><strong>Don't force passwords to be strictly unique.</strong> It's actually <em>less</em> secure to have that enforcement. Consider that if I try to set my password to <em>xyzzy</em> and the site tells me I can't, that means now I know some account is using <em>xyzzy</em> as a password. I just have to try that password on all accounts until I find which one.</p> <p><strong>Don't use a hash digest as a generated password.</strong> Your users don't want to type in a hex string of 32 characters (or longer). I have had the experience of coding a secure software activation key package in 2001, using PKI and MD5 hashes. But no one would use it because the keys were too long.</p> <p><strong>Do use a hash digest and salt to store passwords.</strong> Read this article by our fearless leader: <a href="http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html" rel="nofollow noreferrer">You're Probably Storing Passwords Incorrectly</a>. 
</p> <p>See also my answers to a few other password-related questions:</p> <ul> <li><a href="https://stackoverflow.com/questions/754810/how-to-generate-random-password-or-temporary-url-for-resetting-password-in-zen/754869#754869">How to generate random password, or temporary URL, for resetting password in Zend Framework?</a></li> <li><a href="https://stackoverflow.com/questions/488804/php-mysql-compare-password/488893#488893">PHP &amp; MySQL compare password</a></li> <li><a href="https://stackoverflow.com/questions/247304/mysql-what-data-type-to-use-for-hashed-password-field-and-what-length/247627#247627">What data type to use for hashed password field and what length?</a></li> <li><a href="https://stackoverflow.com/questions/7438243/how-large-should-my-password-salt-be/7438390#7438390">How large should my password salt be?</a></li> </ul>
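<p>An added example, not part of the answer above and not code from Text_Password: it generates a short, typeable temporary password and stores it salted and hashed, and shows why per-password salts leave nothing to compare for a uniqueness check. The function names are hypothetical, PHP 7 or later is assumed, and PHP's built-in <code>password_hash()</code> (bcrypt by default) stands in for the "hash digest and salt" the answer describes.</p>

```php
<?php
// Added example. Function names are hypothetical; "xyzzy" is a constructed sample.

function generateTempPassword(int $length = 12): string
{
    // Alphabet without look-alike characters (0/O, 1/l/I) so it is easy to type,
    // unlike a 32-character hex digest.
    $alphabet = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $max = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() draws from the OS CSPRNG and is free of modulo bias.
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

function storePassword(string $plain): string
{
    // password_hash() creates a fresh random salt on every call and embeds the
    // salt, algorithm and cost in the string that goes into the database.
    return password_hash($plain, PASSWORD_DEFAULT);
}

function checkPassword(string $plain, string $stored): bool
{
    // password_verify() re-derives the hash using the salt embedded in $stored
    // and compares in constant time.
    return password_verify($plain, $stored);
}

// Issue a temporary password and keep only its salted hash.
$temp   = generateTempPassword();
$stored = storePassword($temp);
printf("temporary password: %s (%d characters)\n", $temp, strlen($temp));
printf("verifies: %s\n", var_export(checkPassword($temp, $stored), true));
printf("wrong guess verifies: %s\n", var_export(checkPassword('not-it', $stored), true));

// Two accounts that pick the same password get different stored records,
// so a "password already in use" check has nothing to compare against,
// and the site cannot leak which passwords other accounts use.
$alice = storePassword('xyzzy');
$bob   = storePassword('xyzzy');
printf("stored records identical: %s\n", var_export($alice === $bob, true));
printf("both still verify: %s\n",
    var_export(checkPassword('xyzzy', $alice) && checkPassword('xyzzy', $bob), true));
```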
 
