Secure way of storing password with PHP
In recent hacking incidents, we have seen that most of the big companies failed in securing passwords. Saving passwords in plain text is not recommended. Best way to store passwords in database is to save the hash of passwords. There are various hashing functions including md5, sha1, sha512, etc. But all these hashing mechanism can be hacked by using bruteforce attack. Although, it is not as easy and sometimes next to impossible depending on the password strength but there is a chance. So, there is also a better way. I found a library which helps in saving passwords in secure way without any kind of complex coding.
‘Portable PHP password hashing framework’ offers an easy to use library. Just download, and include it in your code. See the below code to learn how to use it.
<?php // Include phpass library at the top to use require 'PasswordHash.php'; $hasher = new PasswordHash(8, false); // use the line below to hash the password before saving it in the database $Passwordhash = $hasher->HashPassword('correct password'); // Check if user has provided the correct password $hasher->CheckPassword('user provided password', $Passwordhash); // it will return true or false ?>
It works with PHP 3 and above.