Comments for Upgrade the web

Comment on How to encrypt user info with php by Vahur

Vahur — Tue, 29 Jul 2008 19:32:14 +0000

Salt is a good idea, but i also would not use username for it.

Comment on How to encrypt user info with php by vishlal parmar

vishlal parmar — Tue, 22 Jul 2008 07:59:46 +0000

a good tutorial for the novice learner like me

Comment on How to encrypt user info with php by Weekend Link Roundup: Week 14

Weekend Link Roundup: Week 14 — Sat, 05 Jul 2008 14:02:26 +0000

Comment on How to encrypt user info with php by Weekend Link Roundup: Week 13

Weekend Link Roundup: Week 13 — Fri, 04 Jul 2008 04:50:55 +0000

[...] How to encrypt user info with php - Something I didn’t think about when I wrote my article about hashing stored passworrds was adding the username of the hash. This along with salt creates a stronger hash. SHARETHIS.addEntry({ title: “Weekend Link Roundup: Week 13″, url: “http://www.marksanborn.net/links/weekend-link-roundup-week-13/” }); What next? [...]

Comment on How to encrypt user info with php by Mark

Mark — Fri, 04 Jul 2008 04:47:45 +0000

For added security you should add salt anyways. :)

Comment on How to encrypt user info with php by Scott

Scott — Fri, 04 Jul 2008 03:33:39 +0000

Or you just reset their password when they change their username too. Odds are your script is going to update username and password at the same time anyways.

Also, any reason why you chose crypt and md5 together? Just curious

Comment on How to encrypt user info with php by Stefan

Stefan — Wed, 02 Jul 2008 18:50:03 +0000

Brandon: Thanks and you are right. The error message is really only for testing and for a real site you should probably do as you suggest.

Christoph: True, most sites don’t have a reason to change the username though. But if you would want to be able to change the username at will you should not use the username as SALT for the encryption.

Comment on How to encrypt user info with php by christoph

christoph — Wed, 02 Jul 2008 18:47:05 +0000

Correct me if I am wrong, but you will never be able to login when you once change the username, as the password is an encrypted combination of username and pwd.

Comment on How to encrypt user info with php by Brandon

Brandon — Wed, 02 Jul 2008 16:39:59 +0000

Good tutorial, but it’s generally not a good idea security wise to tell the user that thier username/password is wrong. If an attacker is brute forcing, when you just say ‘wrong password’ he’ll know he has a valid account. It’s always best to have your error messages and error pages be 100% the exact same no matter what.

Comment on How to encrypt user info with php by webdesign brno

webdesign brno — Tue, 01 Jul 2008 18:36:46 +0000

well i want my password to be protected !