Using the PASSWORD() function
03-29-2018, 03:04 AM
(This post was last modified: 04-09-2018, 01:03 PM by jreklund. Edit Reason: Code example are wrong )
Hi again, I just thought about something. There is a more recommended way, as your passwords can be matched against a rainbow table.
If you can use the provided mysql_password function, please do the following instead.
1. Take every user's password and rehash them using password_hash and then place a passwordConverted = 0 in the database.
What I mean is: create a one-time PHP file. Make a loop and get every user's "mysql password" and add it into password_hash("MYSQL_PASSWORD",PASSWORD_DEFAULT) and replace the one in the database.
Now you have a double-hashed password that can't be matched against a rainbow table. So if two or more users have 'password' they will be completely different.
Now if a user logs in and passwordConverted is 0:
1. Validate password using:
PHP Code:
password_verify(
3. Save new password hash and passwordConverted = 1 in DB.
If 1:
1. password_verify($this->input->post('password'),$dbPassword);
Now you are secure. :-)
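The migration described in the post above, written out as an added example that is not part of the original post or the poster's code. The helper mysql_password_compat (a stand-in for the thread's mysql_password, assuming MySQL 4.1+ PASSWORD() output), the row arrays and the function names are assumptions.

```php
<?php
// Added example; all names here are assumptions, not the thread's code.

// Assumed stand-in for the thread's mysql_password helper:
// MySQL 4.1+ PASSWORD() is '*' followed by uppercase hex SHA1(SHA1(plaintext)).
function mysql_password_compat(string $plain): string
{
    return '*' . strtoupper(sha1(sha1($plain, true)));
}

// One-time migration: wrap the stored legacy hash in a salted password_hash().
function wrap_legacy_row(array $row): array
{
    $row['password'] = password_hash($row['password'], PASSWORD_DEFAULT);
    $row['passwordConverted'] = 0;
    return $row;
}

// Login check. Returns [ok, row]; the caller saves the row when it changed.
function verify_login(string $input, array $row): array
{
    if ((int) $row['passwordConverted'] === 0) {
        // Stored value is password_hash(PASSWORD(plain)): rebuild the inner hash first.
        if (!password_verify(mysql_password_compat($input), $row['password'])) {
            return [false, $row];
        }
        // Correct password: replace the double hash with a direct one.
        $row['password'] = password_hash($input, PASSWORD_DEFAULT);
        $row['passwordConverted'] = 1;
        return [true, $row];
    }
    return [password_verify($input, $row['password']), $row];
}

// Constructed sample data: two users who share the same plaintext.
$alice = wrap_legacy_row(['password' => mysql_password_compat('password')]);
$bob   = wrap_legacy_row(['password' => mysql_password_compat('password')]);

// Do the wrapped hashes differ even though the legacy hashes were identical?
var_dump($alice['password'] !== $bob['password']);
// First login on an unconverted row: result and the updated flag.
[$ok, $alice] = verify_login('password', $alice);
var_dump($ok, $alice['passwordConverted']);
// Second login takes the converted path.
[$ok, $alice] = verify_login('password', $alice);
var_dump($ok);
// A wrong password against an unconverted row.
[$bad] = verify_login('wrong', $bob);
var_dump($bad);
```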
Messages In This Thread
Using the PASSWORD() function - by barrypoore - 03-28-2018, 01:29 PM
RE: Using the PASSWORD() function - by jreklund - 03-28-2018, 02:24 PM
RE: Using the PASSWORD() function - by barrypoore - 03-28-2018, 02:49 PM
RE: Using the PASSWORD() function - by jreklund - 03-29-2018, 03:04 AM
RE: Using the PASSWORD() function - by barrypoore - 04-09-2018, 11:40 AM
RE: Using the PASSWORD() function - by jreklund - 04-09-2018, 12:50 PM
RE: Using the PASSWORD() function - by barrypoore - 04-09-2018, 01:44 PM
RE: Using the PASSWORD() function - by jreklund - 04-09-2018, 02:48 PM