www.webdeveloper.com

Thread: Password storage security

  1. #1
    Join Date
    Nov 2010
    Posts
    11

    Password storage security

    Currently building a simple login system that I will use on a couple of servers, some of which may not have database access, so I am thinking about storing user accounts in a text file. The file will be protected by htaccess, and passwords will be salted and md5 encrypted. Is there anything else I can do to protect this file? I am trying to make it compatible with as many servers as possible, so I may not be able to place it out of the www root. Also, what possible hacks could people try to access the file?

  2. #2
    Join Date
    Jan 2007
    Location
    Wisconsin
    Posts
    2,120
    Originally Posted by vmcg:
    Currently building a simple login system that I will use on a couple of servers, some of which may not have database access, so I am thinking about storing user accounts in a text file. The file will be protected by htaccess, and passwords will be salted and md5 encrypted. Is there anything else I can do to protect this file? I am trying to make it compatible with as many servers as possible, so I may not be able to place it out of the www root. Also, what possible hacks could people try to access the file?
    Use salted SHA(2) hashes, if possible. Do not use "Basic" authentication. Use SSL-secured form-based authentication, if possible. Give the password file a clever name with a random component. (like .passwdMonkeyCow5FAD43) Try to keep that password file out of the docroot, whenever possible. If you screw up your config for a minute, your password file is free to download for that minute if it's inside the docroot ...
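
An added example, not part of the thread or either poster's code: a flat-file user store that follows the advice in reply #2 (a per-user salt with SHA-2, and a password file whose name has a random component). It goes beyond a single salted hash by using PBKDF2-HMAC-SHA256, an iterated salted SHA-256; the `user:iterations:salt:hash` record format, the function names and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 600_000  # assumption: work factor chosen for this example

def new_store_path(directory):
    # File name with a random component; pass a directory outside the docroot.
    return os.path.join(directory, ".passwd-" + secrets.token_hex(8))

def _derive(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def add_user(path, username, password, iterations=ITERATIONS):
    if ":" in username or "\n" in username:
        raise ValueError("username must not contain ':' or a newline")
    salt = secrets.token_bytes(16)  # fresh random salt for every user
    digest = _derive(password, salt, iterations)
    line = f"{username}:{iterations}:{salt.hex()}:{digest.hex()}\n"
    # Mode 0o600: on POSIX only the owning account can read or write the file.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    with os.fdopen(fd, "a", encoding="utf-8") as fh:
        fh.write(line)

def verify_user(path, username, password):
    found = None
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            parts = line.rstrip("\n").split(":")
            if len(parts) == 4 and parts[0] == username:
                found = parts  # the most recent record for a user wins
    if found is None:
        _derive(password, b"\0" * 16, ITERATIONS)  # spend similar work for unknown users
        return False
    _, iterations, salt_hex, digest_hex = found
    candidate = _derive(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))  # constant-time compare
```

Because the salt and iteration count are stored with each record, the work factor can be raised later without invalidating existing entries.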
