Creating a web user...security issue

I want to create a web user in the database…the app will use its credentials to connect to the database.
The database has already a root user with all the privileges…

My problem has to do with the password when attempting to create the web user…in contrast with root’s password… the password I create for the web user enters the users table non-hashed.
It is exposed in other words…how can I fix it?.

I expected that upon creating the password some internal mechanism would the hashing…

How are you creating the user? In what app? Are you using a CMS or framework? Give us more information to try and help you out :smiley:

1 Like

This is more or less a PHP answer.
Best practice nowadays is to salt your passwords and don’t even send them in plain text to the server.
This is a google cache, seems the orig domain no longer exists.

http://webcache.googleusercontent.com/search?q=cache:I7tZlSlFUzAJ:www.dtsummers.com/projects/SecLog05/Docs/8_Ways_to_Create_a_Secure_Login_Script_in_PHP_and_MySQ.htm+&cd=9&hl=en&ct=clnk&gl=us

Using this approach, 5 users can have the same password but they will all be different in the database.

I use this, just rewritten for PDO

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.