On Mon, 29 Jul 2002, Monty wrote:

> Is it really necessary to store passwords encrypted in a mySQL DB for a
> membership site if you're not storing sensitive info such as credit card
> numbers? How much security does that offer, really, and for whom?

I'm going to go with "YES" on this one.  The problem with being able to
retrieve actual passwords from your database is this:  Most people re-use
passwords across multiple applications.  So, while you may fully intend to
stash passwords access to only your application, you may actually be
storing passwords to people's online banks, work logons, pr0n sites, etc.

You can save yourself a lot of time in the future by taking a little time
now to make sure that plain-text passwords are not retrievable from your
application/database.  If your database server were to be compromised, you
can rest assured that you didn't leak any passwords.  Otherwise, you'll
have to really worry that somebody didn't walk away with a list of names,
usernames and passwords that could be used elsewhere.

> The reason I ask is because I'm trying to implement a "forgot password"
> feature on a membership site. But if I store passwords encrypted, I can't
> just send the password to their e-mail address, I have to generate a new one
> before sending it, which essentially locks that member out of the site until
> they get their new password. This has the potential to be abused by a
> vindictive person. All they need to know is the member's username or e-mail
> address and they can keep re-generating new passwords (locking the member
> out of their own account) for a member to annoy them.

While this is true, what I've found in practice is that this rarely
happens (actually hasn't happened yet, for my sites ... knock on wood).
If you find that this becomes a problem, some logic around how often, and
by what method passwords can be changed may help alleviate the problem.

        g.luck,
        ~Chris
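As an added example (not code from this thread, and not PHP's or MySQL's own API), here is one way to keep plain-text passwords unretrievable while still offering a "forgot password" feature that cannot be used to lock a member out: the stored row holds only a salted, slow hash; a reset request mails a one-time token whose digest alone is recorded; the old password keeps working until that token is redeemed; and reset requests are rate-limited per account, as Chris suggests. Python is used for illustration, and MemberStore, its methods and the in-memory "table" are assumptions standing in for the real database.

```python
import hashlib
import hmac
import secrets
import time

class MemberStore:
    # In-memory stand-in for the members table (constructed for this example):
    # only salted password hashes and hashed reset tokens are ever stored.
    def __init__(self, reset_limit=3, window_s=3600, token_ttl_s=1800, now=time.time):
        self.users = {}
        self.reset_limit, self.window_s, self.token_ttl_s = reset_limit, window_s, token_ttl_s
        self.now = now  # injectable clock so the flow can be tested deterministically
    @staticmethod
    def _pw_hash(password, salt):
        # Slow, salted hash: a leaked table cannot be read back as passwords.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = {"salt": salt, "pw_hash": self._pw_hash(password, salt),
                                "reset_hash": None, "reset_exp": 0.0, "reset_times": []}
    def login(self, username, password):
        u = self.users.get(username)
        return u is not None and hmac.compare_digest(self._pw_hash(password, u["salt"]), u["pw_hash"])

    def request_reset(self, username):
        # One-time token to e-mail to the member (None if refused). The current password keeps
        # working until the token is redeemed, so repeat requests cannot lock the member out.
        u = self.users.get(username)
        if u is None:
            return None  # the web page shown should look identical either way
        now = self.now()
        u["reset_times"] = [t for t in u["reset_times"] if now - t < self.window_s]
        if len(u["reset_times"]) >= self.reset_limit:
            return None  # per-account cap on how often reset mail can be triggered
        u["reset_times"].append(now)
        token = secrets.token_urlsafe(32)
        u["reset_hash"] = hashlib.sha256(token.encode()).digest()  # digest only
        u["reset_exp"] = now + self.token_ttl_s
        return token
    def complete_reset(self, username, token, new_password):
        u = self.users.get(username)
        if u is None or u["reset_hash"] is None or self.now() > u["reset_exp"]:
            return False
        if not hmac.compare_digest(hashlib.sha256(token.encode()).digest(), u["reset_hash"]):
            return False
        u["salt"] = secrets.token_bytes(16)
        u["pw_hash"] = self._pw_hash(new_password, u["salt"])
        u["reset_hash"], u["reset_exp"] = None, 0.0  # single use
        return True
```

Only the most recently issued token is valid, and it is consumed on first use, so a mailed token cannot be replayed.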


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
