
A Few Words About Storage and Security - PHP

The PHP crypt function is a one-way encryption function that lets you confirm that an entered password matches a stored encrypted one -- without having to decrypt anything. Chris Root explains how it works.

TABLE OF CONTENTS:
  1. Using the PHP Crypt Function
  2. A Practical Example
  3. Login
  4. A Few Words About Storage and Security
By: Chris Root
January 17, 2005


If you use a flat file for your password storage, make sure to put it outside your Web root. Proper permissions can be set on this file to allow your scripts to access it. By default on UNIX systems, PHP and the Web server run as the user "nobody." Using a flat file is fine for a small number of passwords, but if you have a lot of them, a database is a better choice. You could also split your password storage: website usernames and passwords in a database, and database access passwords in a flat file.
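One way to check the storage advice above and validate a login against such a file, as an added example rather than code from the article. The `username:hash` line format, the paths, and the function names `audit_password_file` and `check_login` are assumptions, and the demo entry is a constructed `crypt()` hash with a bcrypt salt.

```php
<?php
// Added example. Function names, paths and the "username:hash" format are assumptions.

// Return storage problems for a flat password file; an empty array means none found.
function audit_password_file(string $file, string $webRoot): array
{
    $realFile = realpath($file);       // normalizes ".." and symlinks in the given path
    $realRoot = realpath($webRoot);
    if ($realFile === false || $realRoot === false) {
        return ['cannot resolve file or web root path'];
    }
    $problems = [];
    $prefix = rtrim($realRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($realFile, $prefix, strlen($prefix)) === 0) {
        $problems[] = 'file is inside the web root and may be served to visitors';
    }
    // 0007 masks the "other" permission bits (UNIX): any set bit exposes the file
    // to every local account, not just the one PHP runs as.
    if ((fileperms($realFile) & 0007) !== 0) {
        $problems[] = 'file is accessible to all local users';
    }
    return $problems;
}

// Verify $password for $user against the flat file without decrypting anything.
function check_login(string $file, string $user, string $password): bool
{
    $lines = file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [];
    foreach ($lines as $line) {
        [$name, $hash] = explode(':', $line, 2) + [1 => ''];
        if ($name === $user && $hash !== '') {
            // crypt() takes its salt from the stored hash; equal output means a match.
            return hash_equals($hash, crypt($password, $hash));
        }
    }
    return false;
}

// Constructed demo: temp directories stand in for the web root and a private dir.
$base = sys_get_temp_dir() . '/crypt_demo_' . getmypid();
mkdir("$base/htdocs", 0755, true);
mkdir("$base/private", 0750, true);
$salt = '$2y$10$' . substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
$file = "$base/private/passwords.txt";
file_put_contents($file, 'alice:' . crypt('s3cret', $salt) . "\n");
chmod($file, 0640);

var_dump(audit_password_file($file, "$base/htdocs"));
var_dump(check_login($file, 'alice', 's3cret'), check_login($file, 'alice', 'wrong'));
```

The permission check relies on UNIX mode bits, so it is only meaningful on the UNIX hosts the article describes.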

If you are using the Apache Web server, you also have the option of using .htaccess and .htpasswd files. Make sure to consult the documentation for your server for more information. Another good general net security resource is available at http://www.net-security.org/. Always keep up with the latest security updates and bulletins for any software you use on your site, and apply the available patches promptly.

There are other encryption functions and add-ons for PHP as well, such as md5() or a two-way PHP extension called Mcrypt. A good source of information about these and other PHP functions and features is the PHP manual. You can access the PHP manual online at http://us2.php.net/manual/en/index.php or through the PHP Freaks web site, http://www.phpfreaks.com/.

Conclusion

Using crypt, we have made password validation secure and easy. There was no need to ever expose the real password, and the logged-in user is now on their way to doing some work. Always consider all security measures available when you have important information to protect.
