homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Databases
Forum Library, Charter, Moderator: open

Databases Forum

Secure way to store third party passwords without reasking users?
JAB Creations

 9:11 pm on Aug 31, 2010 (gmt 0)

I'm curious to if there is a reliable way to securely store passwords in a database that aren't plain-text that are used to access third party websites? In example I salt and pepper passwords, hash them, and then compare hashes however you can't send a hashed password to a third party and expect it to work though at the same time you don't want to store passwords as plain text at the risk of giving away all of a company's passwords should the database be stolen or compromised?

- John



 10:14 pm on Aug 31, 2010 (gmt 0)

Not 100% sure what it is you are trying to do.

Do you want it so someone can give login credentials on your site that would log them into a different site?

JAB Creations

 10:35 pm on Aug 31, 2010 (gmt 0)

I'm not trying to do this though yes. I've seen sites that want to take your authentication credentials for third parties (you are first, they are second, credentials are third party) and store them in their database so they don't request the same credentials over and over again.

- John


 10:51 pm on Aug 31, 2010 (gmt 0)

If you use something like mcrypt to encrypt the passwords, then someone hacking the database would have a long way to go to decrypt what they find there.

However, if they also get access to the PHP file that stores the key, then it's game over.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / Databases
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved