Genoa improved security

password storage in database hash

Tags: Security

ez	#34752 23. Juni 2012, 14:25
Contributors Thanked: 10 mal	I did what the article recommended :D, and I checked other articles too. This to make sure that storing the salt part inside the user record is not a security threat.... and it wasn't, So my code should be OK. For insane security, we could use a random hash AND just a fixed hash OR using a md5 of the main url (that is likely to change). ? So passwords only work on the same url... one disadvantage using the url is when sites migrate to other urls... BUT that is only for insane security... I think we are good just using the random hash which is safe enough ==- I say: Keep it EZ -==

#34752 23. Juni 2012, 14:25

I did what the article recommended :D, and I checked other articles too.
This to make sure that storing the salt part inside the user record is not a security threat.... and it wasn't, So my code should be OK.

For insane security, we could use a random hash AND just a fixed hash OR using a md5 of the main url (that is likely to change). ?
So passwords only work on the same url... one disadvantage using the url is when sites migrate to other urls...

BUT that is only for insane security... I think we are good just using the random hash which is safe enough

==- I say: Keep it EZ -==