On Mon, 29 Jul 2002, Monty wrote:

> Is it really necessary to store passwords encrypted in a mySQL DB for a
> membership site if you're not storing sensitive info such as credit card
> numbers? How much security does that offer, really, and for whom?

I'm going to go with "YES" on this one. The problem with being able to
retrieve actual passwords from your database is this: most people re-use
passwords across multiple applications. So, while you may fully intend to
stash passwords for access to only your application, you may actually be
storing passwords to people's online banks, work logons, pr0n sites, etc.

You can save yourself a lot of time in the future by taking a little time
now to make sure that plain-text passwords are not retrievable from your
application/database. If your database server were to be compromised, you
can rest assured that you didn't leak any passwords. Otherwise, you'll have
to really worry that somebody didn't walk away with a list of names,
usernames and passwords that could be used elsewhere.

> The reason I ask is because I'm trying to implement a "forgot password"
> feature on a membership site. But if I store passwords encrypted, I can't
> just send the password to their e-mail address, I have to generate a new one
> before sending it, which essentially locks that member out of the site until
> they get their new password. This has the potential to be abused by a
> vindictive person. All they need to know is the member's username or e-mail
> address and they can keep re-generating new passwords (locking the member
> out of their own account) for a member to annoy them.

While this is true, what I've found in practice is that this rarely happens
(actually hasn't happened yet, for my sites ... knock on wood). If you find
that this becomes a problem, some logic around how often, and by what
method, passwords can be changed may help alleviate the problem.

g.luck,
~Chris

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
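An added example (not code from the thread) of the two points above: passwords stored only as hashes, and a "forgot password" flow that mails a one-time reset token rather than a new password, so the existing password keeps working until the member redeems the token and nobody can lock them out just by knowing their username; reset requests are also capped per account. It uses modern PHP functions (password_hash, password_verify, random_bytes, hash_equals), an assumption relative to the 2002 context, and in-memory arrays stand in for the MySQL tables; the limits are assumed policy values.

```php
<?php
// Added example: hashed storage + token-based reset with a per-account request cap.
const RESET_TTL = 3600;        // token lifetime in seconds (assumed policy)
const RESET_MAX_PER_HOUR = 3;  // reset e-mails allowed per account per hour (assumed policy)

function register(array &$users, string $user, string $password): void {
    // Only the bcrypt hash is stored; the plain-text password is never kept.
    $users[$user] = ['hash' => password_hash($password, PASSWORD_DEFAULT),
                     'reset' => null, 'requests' => []];
}

function login(array $users, string $user, string $password): bool {
    return isset($users[$user]) && password_verify($password, $users[$user]['hash']);
}

// Step 1: mail a one-time token instead of a new password. The old password
// stays valid until the token is redeemed, so a stranger cannot lock the member out.
function requestReset(array &$users, string $user, int $now): ?string {
    if (!isset($users[$user])) return null;   // caller shows the same "check your mail" page either way
    $u = &$users[$user];
    $u['requests'] = array_filter($u['requests'], fn($t) => $t > $now - 3600);
    if (count($u['requests']) >= RESET_MAX_PER_HOUR) return null;   // rate limit: no mail sent
    $u['requests'][] = $now;
    $token = bin2hex(random_bytes(16));
    // Store only a hash of the token: a leaked table does not yield usable reset links.
    $u['reset'] = ['hash' => hash('sha256', $token), 'expires' => $now + RESET_TTL];
    return $token;   // this value goes into the e-mail link
}

// Step 2: the member follows the link and chooses a new password.
function completeReset(array &$users, string $user, string $token, string $newPassword, int $now): bool {
    $r = $users[$user]['reset'] ?? null;
    if ($r === null || $now > $r['expires']) return false;               // no token, or expired
    if (!hash_equals($r['hash'], hash('sha256', $token))) return false;  // constant-time compare
    $users[$user]['hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    $users[$user]['reset'] = null;                                       // single use
    return true;
}

// Constructed walk-through with a sample account.
$users = [];
register($users, 'monty', 'correct horse');
$token = requestReset($users, 'monty', time());
var_dump(login($users, 'monty', 'correct horse'));                      // bool(true): not locked out
var_dump(completeReset($users, 'monty', $token, 'new pass', time()));   // bool(true)
var_dump(completeReset($users, 'monty', $token, 'again', time()));      // bool(false): token spent
var_dump(login($users, 'monty', 'new pass'));                           // bool(true)
```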