CodeIgniter Forums
Saving Hashed Passwords in my database.php - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forum-5.html)
+--- Forum: Libraries & Helpers (https://forum.codeigniter.com/forum-11.html)
+--- Thread: Saving Hashed Passwords in my database.php (/thread-68280.html)



Saving Hashed Passwords in my database.php - zashishz - 06-19-2017

Looking for a way to store hashed passwords for my DB Connections in database.php file instead of plaintext.

Please let me know any examples.

Thanks,
Ashish


RE: Saving Hashed Passwords in my database.php - skunkbad - 06-19-2017

Why? If somebody has access to your file system, they can investigate and find your DB credentials no matter where you put them, and no matter how you store them.


RE: Saving Hashed Passwords in my database.php - natanfelles - 06-19-2017

I never did it but I believe that you can use Encryption Library.

But anyway, your encryption key will remain on the server. An attacker able to enter your server will surely be able to decode your passwords. The processing time will also increase due to having to decrypt the password every time you access the database. Maybe it's better to use a more reliable hosting.


RE: Saving Hashed Passwords in my database.php - zashishz - 06-21-2017

(06-19-2017, 08:35 AM)skunkbad Wrote: Why? If somebody has access to your file system, they can investigate and find your DB credentials no matter where you put them, and no matter how you store them.

Yeah I got your point but my employer doesn't want it to be saved as plain text. Hence, i was searching for the same.

Thanks for the Reply !


RE: Saving Hashed Passwords in my database.php - zashishz - 06-21-2017

(06-19-2017, 03:08 PM)natanfelles Wrote: I never did it but I believe that you can use Encryption Library.

But anyway, your encryption key will remain on the server. An attacker able to enter your server will surely be able to decode your passwords. The processing time will also increase due to having to decrypt the password every time you access the database. Maybe it's better to use a more reliable hosting.


Thanks Mate. But Searching for otherways.
I will use this if i have no other Options Smile


RE: Saving Hashed Passwords in my database.php - ciadvantage - 06-21-2017

https://defuse.ca/php-pbkdf2.htm

I adapted this class and put it in libraries. Easy to use!