CodeIgniter Forums
Saving Hashed Passwords in my database.php



Saving Hashed Passwords in my database.php - zashishz - 06-19-2017

Looking for a way to store hashed passwords for my DB Connections in database.php file instead of plaintext.

Please let me know any examples.

Thanks,
Ashish


RE: Saving Hashed Passwords in my database.php - skunkbad - 06-19-2017

Why? If somebody has access to your file system, they can investigate and find your DB credentials no matter where you put them, and no matter how you store them.


RE: Saving Hashed Passwords in my database.php - natanfelles - 06-19-2017

I never did it but I believe that you can use Encryption Library.

But anyway, your encryption key will remain on the server. An attacker able to enter your server will surely be able to decode your passwords. The processing time will also increase due to having to decrypt the password every time you access the database. Maybe it's better to use a more reliable hosting.


RE: Saving Hashed Passwords in my database.php - zashishz - 06-21-2017

(06-19-2017, 07:35 AM)skunkbad Wrote: Why? If somebody has access to your file system, they can investigate and find your DB credentials no matter where you put them, and no matter how you store them.

Yeah, I got your point, but my employer doesn't want it to be saved as plain text. Hence, I was searching for the same.

Thanks for the reply!


RE: Saving Hashed Passwords in my database.php - zashishz - 06-21-2017

(06-19-2017, 02:08 PM)natanfelles Wrote: I never did it but I believe that you can use Encryption Library.

But anyway, your encryption key will remain on the server. An attacker able to enter your server will surely be able to decode your passwords. The processing time will also increase due to having to decrypt the password every time you access the database. Maybe it's better to use a more reliable hosting.


Thanks, mate. But searching for other ways.
I will use this if I have no other options :)


RE: Saving Hashed Passwords in my database.php - ciadvantage - 06-21-2017

https://defuse.ca/php-pbkdf2.htm

I adapted this class and put it in libraries. Easy to use!


RE: Saving Hashed Passwords in my database.php - geabenitez - 07-30-2017

(06-19-2017, 02:08 PM)natanfelles Wrote: I never did it but I believe that you can use Encryption Library.

But anyway, your encryption key will remain on the server. An attacker able to enter your server will surely be able to decode your passwords. The processing time will also increase due to having to decrypt the password every time you access the database. Maybe it's better to use a more reliable hosting.

This library is not intended to be used for password handling; in fact, you will see the note as soon as you begin to read the documentation.

As of PHP 5.5.0 you can use password_hash to create a one-way hash, and for verification you can use password_verify.
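
As an added illustration (not part of the post above and not CodeIgniter's own code), this is how password_hash and password_verify fit stored application user passwords. The function names, the in-memory user store, the cost value and the sample passwords are all hypothetical.

```php
<?php
// Added example, not code from the thread. Names and sample values are constructed.

const HASH_OPTIONS = ['cost' => 12]; // bcrypt work factor (assumed policy value)

/** Store only the one-way hash; the plaintext is never saved. */
function register_user(array &$users, string $name, string $password): void
{
    $users[$name] = password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS);
}

/** Check a login attempt and upgrade the stored hash if the policy changed. */
function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    if (password_needs_rehash($users[$name], PASSWORD_BCRYPT, HASH_OPTIONS)) {
        $users[$name] = password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS);
    }
    return true;
}

$users = []; // stands in for a users table
register_user($users, 'alice', 'constructed-sample-password');

// The salt is random per call, so hashing the same password twice gives different strings.
$again = password_hash('constructed-sample-password', PASSWORD_BCRYPT, HASH_OPTIONS);
echo 'same hash twice:  ', var_export($users['alice'] === $again, true), PHP_EOL;

echo 'correct password: ', var_export(login($users, 'alice', 'constructed-sample-password'), true), PHP_EOL;
echo 'wrong password:   ', var_export(login($users, 'alice', 'guess'), true), PHP_EOL;

// There is no inverse of password_hash(). A hash placed in the 'password' entry of
// database.php would be sent to the database server as the literal password string,
// so this technique fits stored user passwords, not the connection credential.
```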


RE: Saving Hashed Passwords in my database.php - reactionstudio - 07-30-2017

(06-21-2017, 02:50 AM)zashishz Wrote: Yeah, I got your point, but my employer doesn't want it to be saved as plain text. Hence, I was searching for the same.

Thanks for the reply!

Why does your employer not want it to be saved as plain text? It seems more like an issue of them not understanding the situation rather than a technical issue?

Perhaps them being more educated would be a better solution than trying to implement an ineffective technical solution that doesn't really solve the problem. As natanfelles said, if the decryption key is on the server you don't gain any security benefits if your file system can be read, and it does introduce overhead, so you're gaining nothing but the costs are tangible.

What problem exactly are they trying to solve?