Welcome to WebmasterWorld Guest from 184.73.112.180

Forum Moderators: open

Secure way to store third party passwords without reasking users?

   
9:11 pm on Aug 31, 2010 (gmt 0)

WebmasterWorld Senior Member jab_creations is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I'm curious to if there is a reliable way to securely store passwords in a database that aren't plain-text that are used to access third party websites? In example I salt and pepper passwords, hash them, and then compare hashes however you can't send a hashed password to a third party and expect it to work though at the same time you don't want to store passwords as plain text at the risk of giving away all of a company's passwords should the database be stolen or compromised?

- John
10:14 pm on Aug 31, 2010 (gmt 0)

WebmasterWorld Senior Member demaestro is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Not 100% sure what it is you are trying to do.

Do you want it so someone can give login credentials on your site that would log them into a different site?
10:35 pm on Aug 31, 2010 (gmt 0)

WebmasterWorld Senior Member jab_creations is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I'm not trying to do this though yes. I've seen sites that want to take your authentication credentials for third parties (you are first, they are second, credentials are third party) and store them in their database so they don't request the same credentials over and over again.

- John
10:51 pm on Aug 31, 2010 (gmt 0)

WebmasterWorld Senior Member whoisgregg is a WebmasterWorld Top Contributor of All Time 10+ Year Member



If you use something like mcrypt to encrypt the passwords, then someone hacking the database would have a long way to go to decrypt what they find there.

However, if they also get access to the PHP file that stores the key, then it's game over.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month