| clear text password to ? |
|
Right now I am using a clear text password. I keep it in mySQL RDS on AWS in a table. I was planning on moving it to use fusionAuth to maintain passwords but I am out of time (and energy) to get that into the code (and fusionAuth is changing their pricing strategy). So I am back to using regular old CI3 code for the time being.
What is the best practice to secure that password and keep it in my mysql table? I have a way for a user to self register and also to reset their password already in the code.
proof that an old dog can learn new tricks
Give me a magnifying glass and maybe I can read your post.
What did you Try? What did you Get? What did you Expect?
Joined CodeIgniter Community 2009. ( Skype: insitfx )
You are wrong
ci4 is most advance and easy framework ever i ve seen You build modren apps
Enlightenment Is Freedom
Never ever, ever... ever use clear text passwords.
Did I say ever? Anyways... if whatever auth framework you're using doesn't support hashing your password, don't use it. If you're rolling your own, please read as much as you can so you know what you're doing. Take a look at the built in php password functions that can use something like bcrypt hashing https://www.php.net/manual/en/ref.password.php Did I already mention you should never store passwords in clear text?
Codeigniter is simply one of the tools you need to learn to be a successful developer. Always add more tools to your coding arsenal!
(04-21-2021, 01:28 AM)richb201 Wrote: Right now I am using a clear text password. I keep it in mySQL RDS on AWS in a table. I was planning on moving it to use fusionAuth to maintain passwords but I am out of time (and energy) to get that into the code (and fusionAuth is changing their pricing strategy). So I am back to using regular old CI3 code for the time being. I use this script (https://www.openwall.com/phpass) to hash the password and store it in the database. At login, for example, the password sent is also hashed and compared to the passwords already stored.
The best practice is using strong hash functions and salt. Never use plain text or weak MD5 or SHA1 hash functions. Salting passwords is very important for differentiating possible same passwords. Everything you need is to use these two PHP functions:
password_hash password_verify I recommend you to use Ion Auth authentication library for your CodeIgniter 3 project. Do not forget on HTTPS on your web server.
Need I say this over and over.
READ: Implementing Secure User Authentication in PHP Applications with Long-Term Persistence (Login with "Remember Me" Cookies) What did you Try? What did you Get? What did you Expect?
Joined CodeIgniter Community 2009. ( Skype: insitfx )
OK, OK. I wasn't planning on keeping the clear text passwords! Anyway, I went back to using fusionAuth which, while a little difficult to implement, seems to work pretty well. In it I am using passwordless logins which rely on users keeping their email passwords secure.
proof that an old dog can learn new tricks
|
| Welcome Guest, Not a member yet? Register Sign In |
MENU
EXTRA MENU
ABOUT US
CodeIgniter is a powerful PHP framework with a very small footprint, built for developers who need a simple and elegant toolkit to create full-featured web applications.
