[RESOLVED] Password security

Zebbedy

I have an above newb lvl knowledge of php (coding for about 6 months in this language), but no way near intimate knowledge of the language, and a good grasp of database design/development.

I'm trying to work out a secure way of letting outside access to users so they can update their own details in a database.

I've investigated md5 and other encryption methods to secure the password lists, and i've also investigated measures to stop malicious code being entered into the username etc to access our db from unauthorised users.

My question here is, if i use encryption like md5 to protect passwords, and a user forgets a password, can anyone suggest a method for recovering that password?

What i originally wanted to do was have an automated system that would send the password to their registered email address, similar to the system used for this forum (i can never remember my password here, i use it rarely and have so many to remember). This would be difficult if i use md5 to encrypt the passwords. Is there a better option? If i do not encrypt the passwords i can do this, but does that leave me open to letting someone with unauthorised access free reign if they DO manage to get into my system?

This is the first time i have had to consider securing our dbase because our only access previously has been inhouse with a small and trusted team at an early level in our development. I'm sure that we will need this for many areas of our business as it grows and i want to get it right the first time.

Do any of you have any suggestions where i can start to look/research/learn to code for solutions?

dschreck

What I like to do is if they forget their password, I'll have the script create a new randomly generated password, store it in the database (as a md5) and also email it to them.
When the user logs in require them to create a new one.

MarkR

Don't feel compelled to store the password hashed (or indeed, encrypted) just because that's what other applications do.

Unless there is a fault in your application, the password fields of the database should never be exposed to anyone.

Consider storing the passwords as plain text rather than hashed or encrypted. The security risk is negligible:

If someone obtains access to your database, they can read all the data in it anyway.
Hashed passwords can still be attacked with dictionary/brute force attacks if someone obtains your database.

As long as you develop your application in a systematic way which prevents unauthorised access to the database (and of course, the DBA / sysadmin secures it adequately itself), you should be fine. Trust me.

Mark

Zebbedy

Thanks guys,

I like the idea dschrek suggested and if i had paid more attention to the way it worked in this forum i would have noticed that is what they do...doh.

MarkR, i understand what you are saying and appreciate it. I suppose this is also an excercise for me in making things as secure as i can. Dictionary and bruteforce attacks had been covered in a few of the articles i read about md5 and its weaknesses.

If someone is clever enough to get into your system in the first place they are probably clever enough to crack whatever you are using for encryption. Mind you, i dont want to hand it to them on a platter 🙂

Thanks guys for the help and ideas.