Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: open
I mean, if that's the case why doesn't MySQL just have a "password" field type like HTML has the "password" input type?
Just curious. Thanks.
I have been in arguments about this before and I am all for changing my mind when I see the error in my thinking but I haven't been given a good reason for it yet. I don't see why password encrypting on secure databases is better then not.
All encrypting does is makes it harder for someone who gets in to get passwords, but it isn't going to stop someone. If a "bad" person gets access to your DB/server you are in trouble.
I guess you could tout it as a feature to give people the "warm and fuzzies" but that is all it is good for IMO.
[edited by: Demaestro at 6:37 pm (utc) on April 2, 2008]
Further, a hacker may delete passwords to be malicious, but more insidious is a hacker who has compromised your database, but is smart enough not to raise any flags and can pull compromised data from you for months/years.
I don't get what you mean. If a hacker can execute SQL on your DB how does encrypted passwords do anything to help?
They already have access to the DB so the damage is done. If they can delete your password they can look up any data they want on you and it doesn't matter if they can log in as that person they can just execute queries and get/change the same account info as if they logged in.
Wouldn't it be better to focus on securing your server then encrypting passwords? If your DB is secure you don't need to encrypt any data... if you think your server is available to hackers then you should just encrypt every field not just the password one.
[edited by: Demaestro at 6:44 pm (utc) on April 2, 2008]
If you have an unscrupulous employee I don't see it helping, just slowing it down or as you stated it makes it harder but with time and energy an unscrupulous employee will find a way to do bad if they have their mind set on it.
I guess since I'm the only one who views the database it's somewhat of a moot point, since the only person I have to trust with the information is myself. I just don't want to go through all of the trouble of implementing or creating some sort of cipher when, like Demaestro says, if someone gets into your database they pretty much have you by the balls anyway.
I just kind of wish that MySQL had some sort of way to star out something placed in a special field type but still read the contents, like the password input type. I realize that is more a browser thing than a DB thing, but it'd be nice.
Murdoch, you should be ok with the decrypted passwords in your DB.
A whole new cans of worms is opened though when you decide to email a password in plain text.
How secure is the email server that gets the password?
Is it a shared email account?
Is it the correct email account?
Way more issues to think about when emailing passwords. I won't say don't do it, but I will say be careful. Make sure all accounts have a "confirm email address" feature, don't email passwords to accounts where the email is not confirmed.... ok actually don't do it.
Just email them a temp login that expires in 30 minutes and lets them set a new password.
Someone doesn't need to have SQL access to your database to read the plain-text passwords that will then give them access to do things on your system they shouldn't.
Generally speaking, if someone "loses" their password, the ideal solution is a one-time use link emailed to them that allows them to reset their password. The not-as-ideal solution is to have the system create them a new random password and email it to them with instructions to log in using it and then immediately change their password.
Generally speaking, if someone "loses" their password, the ideal solution is a one-time use link emailed to them that allows them to reset their password.
I think this is the idea I may go with. That way if the link in the email is clicked it will let the user change the password and if not, then nothing is affected. This is just as safe or unsafe as sending them the plain text password through an email anyway. Thanks for that.
The not-as-ideal solution is to have the system create them a new random password and email it to them with instructions to log in using it and then immediately change their password.
I could see this being abused by people who don't like another person and knows their email, making them change their password every day. I guess that's why you called it the not-so-ideal solution :)