Hashing server password

Started by irfanyounas, Oct 11, 2022, 03:23 AM

Previous topic - Next topic

irfanyounasTopic starter

Hey there, I'm currently encountering some issues regarding the registration process for my initial pet project. Once I fill in the necessary fields and hit register, the data submitted gets sent over to my local phpmyadmin database via the responsible files such as create_user, register, and connect_user. Essentially, create_user is responsible for account creations.
  •  

AvniShergill

Would it be reasonable to apply a hashing function to the passwords prior to writing them to the database? It is important to not only verify that the connection to the database was successful, but also to confirm the success of each query.

When it comes to user registration, why collect data from all users? Instead, utilize a unique identifier field which is specific to each user, such as their email or username, and create a unique index for it. This allows for duplicate records to be prevented by the DBMS.

For MySQL, one can implement INSERT IGNORE and then view the "affected" record count (mysqli::$affected_rows). By returning this amount through a specialized function, typically intended for INSERT, UPDATE, and other queries, any errors can be addressed via an exception. This is generally the common practice.
  •  

ElizabethParker

Employing md5 hashing is an irreversible method that renders password decryption impossible for a hacker who only has access to the hash. Yet, this statement does not hold entirely true, as hаckers today have created extensive libraries filled with hashes of common and uncommon passwords, which allow anyone to decode passwords merely by searching their hash online.

This problem mainly affects simplistic, widely-used passwords. For example, googling the hash 827ccb0eea8a706c4c34a16891f84e7b will reveal that it belongs to the password '12345'. In contrast, longer, more complex passwords are unlikely to be broken through this method.

One potential solution is mandating the use of longer passwords during registration, perhaps by requiring a minimum of six to eight characters. However, users can still employ simple passwords such as '123456' or '12345678'.

Alternatively, one can develop a smarter algorithm for assessing password complexity, but another possible solution is salt encryption. This approach involves adding a special random string during registration known as a salt, which generates a salted password when combined with the original password. The corresponding hash will then be calculated from the salted password, effectively enhancing its security.
  •  

kevin66

It's important to ensure that the form fields are properly mapped to the corresponding variables in the backend scripting language, such as PHP. The create_user file should handle the logic for creating a new user account, including validating the input data, generating unique identifiers, and securely storing the user information in the database.
Next, the register file likely contains the code for processing the form submission, sanitizing the input to prevent SQL injection or other security vulnerabilities, and calling the appropriate functions to add the new user to the database.

The connect_user file may be responsible for establishing a connection to the database, handling authentication, and retrieving or updating user information as needed during the registration process.

It's essential to thoroughly review each of these files to identify any potential issues in the data processing, database interaction, error handling, or security measures. Additionally, debugging tools and error logs can provide valuable insights into any runtime errors or exceptions occurring during the registration process.

Consider reviewing the server-side validation, database schema, SQL queries, and overall flow of data from the registration form to the database. By meticulously examining and testing each component, you can pinpoint and resolve the issues affecting the registration process for your pet project. Remember, meticulous attention to detail and rigorous testing are key elements of robust web development.
  •