msz900 — 2013-05-04T13:11:04-04:00 — #1
I am going to decide on SHA_512 with salt in my web project.
But I am still confused that there is some problem in it.
The hashing algorithm just hashes the data before saving it into the database, something like (45454dsdsd54d4sd).
How can the admin know about the user password?
How can he access his personal data/profile?
If there is another way to secure the user input data on the web, please tell me...
fretburner — 2013-05-04T16:25:41-04:00 — #2
The reason for hashing the password before saving it is so that if anyone got access to the DB they wouldn't be able to read it. No one should know the password except for the user themselves.
felgall — 2013-05-04T18:02:18-04:00 — #3
A lot of people stupidly use the same password for multiple sites - by hashing their password with a salt you help ensure that if someone gets access to your database they can't use the passwords there to access your users' bank accounts if they used the same password there. It also ensures you don't get the blame if their bank account does use the same password, since you can demonstrate that you have no way to tell what password anyone is using for your site (except your own).
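The flow discussed in this thread, as an added example that is not code from any of the posters: the site stores only a per-user salt and a hash, and checks a login by re-hashing the attempt, so nobody (the admin included) ever needs to read the password back. It uses Python's `hashlib.pbkdf2_hmac` with SHA-512, which is an iterated form swapped in for a single salted SHA-512 pass; the iteration count, the record field names and the sample users are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 210_000  # assumed work factor; tune for your hardware
SALT_BYTES = 16


def hash_password(password: str) -> dict:
    """Return the record a site would store: salt, iteration count, digest."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Re-hash the login attempt with the stored salt and compare digests."""
    candidate = hashlib.pbkdf2_hmac(
        "sha512",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    # Constant-time comparison of the two digests
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def demo() -> dict:
    users = {}  # constructed stand-in for the users table
    users["alice"] = hash_password("correct horse battery")
    users["bob"] = hash_password("correct horse battery")  # same password as alice
    return {
        "alice_login_ok": verify_password("correct horse battery", users["alice"]),
        "wrong_password_ok": verify_password("Correct horse battery", users["alice"]),
        # Different salts give different hashes even for identical passwords
        "same_password_same_hash": users["alice"]["hash"] == users["bob"]["hash"],
        # The table holds no password column at all
        "stored_fields": sorted(users["alice"].keys()),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Access to a user's profile is a separate matter from knowing the password: an admin account is authorised by its own login and role, while the password hash is only ever used to check the user's own login attempt.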