Storing Passwords in Databases

RobMunfy

RobMunfy

RobMunfy

Associate
Joined
18 Mar 2007
Posts
291
Hi,

I just wanted to check that I am going about this in a reasonably secure way.

I wish to store some usernames and passwords in a MySQL database.

My plan is to get the password from a form, create a SHA-1 hash of the password and then store this hash in the table.

Is this the normal way of doing things?

Cheers
 
gord said:
If you're a good small developer yes. You may want to salt your passwords as well as encrypting them before storing.

If you are a large corporate enterprise with millions to spend on security then you'll probably rather store them in a text file, unencrypted, unsalted.
Click to expand...

Haha very true!

I am the former I hope!

Thanks for the clarification
 
You must log in or register to reply here.
Back
Top Bottom