donsjuand wrote: Mark R:
Could you expand on that opinion so we understand why you think storing hashed PWs is no more secure?
Because you should presume that the database has not been compromised. If the database is compromised, your entire application's data are available to an attacker anyway.
Moreover, they can easily do dictionary attacks against hashed passwords. And they probably have more than enough information to do social engineering attacks anyway.
What do you think about using the Dispatch Method on this page (http://phpsec.org/projects/guide/1.html#1.2) to refer to a main security cases PHP file that allows a connection to a hashed password with a separate salt in a MySQL db?
Erm, I think you're trying to do several things at once. There's nothing wrong with the dispatch method, and there's no problem using hashed passwords (except a false sense of security), but I fail to see how combining them is more interesting than using them individually.
Also, you implied this is done on another level... which level is that?
HTTPS will encrypt all data between the client and server - this is clearly advantageous as it prevents interception of sensitive data.
Encrypting connections to the database is also possible - but is only required if you have an untrusted network between your web app server and database.
Normally this is not the case.
Use hashed passwords if you want to, but don't encrypt anything else at the application level - it's simply unnecessary and will cause severe headaches.
Work on the assumption that your application server and database server have NOT been compromised (obviously, try to keep them that way) - as there is no way to protect your data if they have.
Mark
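As an added example (not code from this thread, from the phpsec.org guide, or from either poster), the following Python shows the "hashed password with a separate salt" storage that donsjuand asks about, and what the per-user salt does to the precomputed dictionary table Mark refers to. The iteration count, the record format and the tiny wordlist are assumptions constructed for the demo; the hashing primitives are the standard library's PBKDF2 and MD5.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Assumed work factor for the demo; a real deployment tunes this to its hardware.
ITERATIONS = 200_000
SALT_BYTES = 16

Record = Tuple[bytes, int, bytes]  # (salt, iterations, digest)


def make_record(password: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS) -> Record:
    """Hash a password with its own random salt; the tuple is what gets stored."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify(password: str, record: Record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, stored)


def encode_record(record: Record) -> str:
    """Pack the tuple into one string column, e.g. for a MySQL VARCHAR (assumed format)."""
    salt, iterations, digest = record
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def decode_record(text: str) -> Record:
    """Inverse of encode_record."""
    algo, iterations, salt_hex, digest_hex = text.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown record format: %s" % algo)
    return bytes.fromhex(salt_hex), int(iterations), bytes.fromhex(digest_hex)


def unsalted_md5(password: str) -> str:
    """The unsalted, fast hash that a precomputed table targets."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def precomputed_table(wordlist) -> Dict[str, str]:
    """Map hash -> word for a wordlist; built once, reusable against every unsalted record."""
    return {unsalted_md5(w): w for w in wordlist}


def lookup_precomputed(stored_hash_hex: str, table: Dict[str, str]) -> Optional[str]:
    """Return the word if the stored hash appears in the table, else None."""
    return table.get(stored_hash_hex)


if __name__ == "__main__":
    # Constructed sample data for the demo.
    rec = make_record("correct horse battery")
    print("stored:", encode_record(rec))
    print("verify ok:", verify("correct horse battery", decode_record(encode_record(rec))))

    # Two users with the same password get different digests because of the salt.
    a, b = make_record("hunter2"), make_record("hunter2")
    print("same password, different digests:", a[2] != b[2])

    # A table built once hits the unsalted hash but cannot be reused on salted records.
    table = precomputed_table(["hunter2", "password", "letmein"])
    print("unsalted md5 found in table:", lookup_precomputed(unsalted_md5("hunter2"), table))
    print("salted record found in table:", lookup_precomputed(a[2].hex(), table))
```

The point of the salt is visible in the last two lines: one precomputed table answers every unsalted record at once, whereas each salted record forces the table to be rebuilt for that user's salt, and the iteration count sets how expensive each rebuild is.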