Re: Protecting passwords in source

by DaWolf (Curate)
on Jul 20, 2005 at 02:42 UTC

in reply to Protecting passwords in source

Your gut probably tells you that putting passwords in code is wrong. Well, it is. Actually storing passwords in plain text in any way (code, text files, databases, etc...) is ALWAYS a bad thing. Notice that I rarely use the word always =)

Actually we usually don't put passwords in code. I (and this is only me, maybe - probably - someone does it better) do it like this:

1) In the page that registers users I turn the password into an MD5 hash and store it in a db.

2) In the login page, I get the user-typed password, make it into an MD5 hash and then compare it with the one in the db.

Anyway, forget about the MD5 part - there are tons of encrypting algorithms out there - but it's everything else that matters, meaning:

1 - Don't EVER store passwords in plain text.
2 - Don't put it in the code, store in a separate way.


Re^2: Protecting passwords in source
by zshzn (Hermit) on Jul 20, 2005 at 03:39 UTC
    Ultimately a one-way hash is a good choice. Store your password as a hashed string. Hash the password the user inputs and compare it with the hash of your required password. You can use Digest::MD5 or something else if you'd like. Either way your password isn't visible in the source and is not reversible.

    However, as pointed out above, if everyone else has advanced privileges on the system they can just copy your program and change the hash, or change any part of the program to allow them access. So it is seemingly futile.
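
The register/login flow described in the posts above, as an added example that is not part of the original thread. It goes beyond the posts by using a per-user random salt and an iterated hash (PBKDF2-HMAC-SHA256 built on the core Digest::SHA module) instead of a single MD5, and by comparing in constant time. The `%users` hash stands in for the database table; the iteration count, record format, sample credentials and the use of `/dev/urandom` (Unix-like systems) are assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);   # core module

my $ITERATIONS = 100_000;   # assumed work factor; tune for your hardware

# PBKDF2-HMAC-SHA256, first 32-byte output block only (enough for one hash).
sub pbkdf2_sha256 {
    my ($password, $salt, $iter) = @_;
    my $u = hmac_sha256($salt . pack('N', 1), $password);   # args: (data, key)
    my $t = $u;
    for (2 .. $iter) {
        $u = hmac_sha256($u, $password);
        $t ^= $u;   # bitwise XOR of two binary strings
    }
    return $t;
}

# Registration: a fresh random salt per user, stored next to the hash.
sub make_record {
    my ($password) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $salt = '';
    read($fh, $salt, 16) == 16 or die "short read from /dev/urandom";
    close $fh;
    return join '$', 'pbkdf2-sha256', $ITERATIONS, unpack('H*', $salt),
        unpack('H*', pbkdf2_sha256($password, $salt, $ITERATIONS));
}

# Login: recompute with the stored salt and iteration count, then compare.
sub check_password {
    my ($password, $record) = @_;
    my ($scheme, $iter, $salt_hex, $hash_hex) = split /\$/, $record;
    return 0 unless defined $hash_hex && $scheme eq 'pbkdf2-sha256' && $iter =~ /^\d+$/;
    my $got  = pbkdf2_sha256($password, pack('H*', $salt_hex), $iter);
    my $want = pack 'H*', $hash_hex;
    return 0 unless length($got) == length($want);
    my $diff = 0;   # OR together every byte difference: no early exit on mismatch
    $diff |= ord(substr($got, $_, 1)) ^ ord(substr($want, $_, 1)) for 0 .. length($got) - 1;
    return $diff == 0 ? 1 : 0;
}

my %users;                                      # stands in for the users table
$users{alice} = make_record('correct horse');   # constructed sample credentials
print "stored record: $users{alice}\n";
printf "right password: %s\n", check_password('correct horse', $users{alice}) ? 'accepted' : 'rejected';
printf "wrong password: %s\n", check_password('Tr0ub4dor', $users{alice}) ? 'accepted' : 'rejected';
```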
