dsbgltg159136540 2010-08-30 09:29
浏览 138
已采纳

如何安全地存储密码等注册/登录信息?

I am in the process of resecuring my registration on my website and want to ask if my password hashing is correct. Or if there is any better more secure way I can do it. I read somewhere that the salt can be written to the database on a per user basis.

This is my security so far:

$salt = sha1(md5($activecode).$username);

$username = mysql_real_escape_string($_POST['username']);
$activecode = mysql_real_escape_string(time());
$pass1 = sha1(md5($_POST['pass1'].$salt));
$pass2 = sha1(md5($_POST['pass2'].$salt));
  • 写回答

4条回答 默认 最新

  • duanjiagu0655 2010-08-30 09:49
    关注

    This very code snippet has very little with security. As well as with common sense. What's the use of doing hashes of both passwords? I guess you have to compare entered passwords and then make a hash of just one.

    MD5 is really wrong here. Just make it sha1($_POST['pass1'].$salt));

    mysql_real_escape tring is a database related function, not form handling one. A right place to use it is right before adding data into query. For the strings going into query enclosed in quotes.

    And what Joe have said.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥15 教务系统账号被盗号如何追溯设备
  • ¥20 delta降尺度方法,未来数据怎么降尺度
  • ¥15 c# 使用NPOI快速将datatable数据导入excel中指定sheet,要求快速高效
  • ¥15 再不同版本的系统上,TCP传输速度不一致
  • ¥15 高德地图点聚合中Marker的位置无法实时更新
  • ¥15 DIFY API Endpoint 问题。
  • ¥20 sub地址DHCP问题
  • ¥15 delta降尺度计算的一些细节,有偿
  • ¥15 Arduino红外遥控代码有问题
  • ¥15 数值计算离散正交多项式