[RESOLVED] user & pass with security in mind

VadimK

Hello

i am writing a a large user management system
while i do so i suddenly remembered somebody mentioning that maybe it is wise to create another table specifically for the passwords of the users
for security sakes

have you heard of such strategy and if so what is the thought behind it and how should it be done
what fields besides the the password should be in there

Thanks

bradgrafelman

VadimK wrote:
have you heard of such strategy

Never.

VadimK wrote:
what is the thought behind it

It's utterly stupid. Don't do it. 🙂

There are plenty of other steps you can take to secure the data, though. They range from ensuring the security of the server itself (firewalls, segregated user accounts, limited (if any) access to root, etc.) to data security (hash passwords with a user-specific salt, etc.) to the transportation of data (use HTTPS when remote user is submitting sensitive data to your server, etc.).