Tech Lead/Team Lead. Senior WebDev.
Intermediate Grade on Computer Systems-
High Grade on Web Application Development-
MBA (+Marketing+HHRR).
Studied a bit of law, economics and design
Location
Spain
Education
Higher Level Education Certificate on Web Application Development
You can use sha256 joining the string with an application token or salt, or a cookie hash and it will be ok. If you want more security you can use 512-bit encrypt such whirlpool, sha-512 and so
Please do not create your own auth implementation, you will regret it eventually ( there's a big yellow box in uniqid manual that says you should never use it to salt passwords).
Use one of the many well-known, tested and audited auth libraries.
If you really wanna learn how to implement a custom authentication I suggest you to browse the source code of said libraries and see how they handle it.
Tech Lead/Team Lead. Senior WebDev.
Intermediate Grade on Computer Systems-
High Grade on Web Application Development-
MBA (+Marketing+HHRR).
Studied a bit of law, economics and design
Location
Spain
Education
Higher Level Education Certificate on Web Application Development
There's nothing bad on implementing own auth if you're a senior dev and you know all about what it implies. Specially when working on a big company and being in need to create a self implemented auth to avoid extra costs of Auth APIs (Oauth, Oauth2, SSO ...), you just need to pass a security audit and the tests after building it and before linking your services to it on production
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
This post is a good example of why PHP is bashed by the whole programming community.
I don't wanna sound rude but new programmers are going to see this and think this is OK. Please do not deploy this code to production.
Yeah we can use md5 and salt to make the password protected. This is just an experiment on how to make a chat application with PHP.
Please, don't use MD5 either. It's insecure. Don't try it in production.
Yeah that's why we can use md5 and salt which can generate an unique Id hence encrypting the password field.
No, seriously. Never use MD5 to encrypt a password. The are other methods more secure available php.net/manual/en/function.passwor...
Okay I will look into it. Thank you for the suggestion 😇
You can use sha256 joining the string with an application token or salt, or a cookie hash and it will be ok. If you want more security you can use 512-bit encrypt such whirlpool, sha-512 and so
I was going to use uniqid() in php and join it with the password string. I will try your approach too. Thank you for the suggestion 😇
Please do not create your own auth implementation, you will regret it eventually ( there's a big yellow box in uniqid manual that says you should never use it to salt passwords).
Use one of the many well-known, tested and audited auth libraries.
If you really wanna learn how to implement a custom authentication I suggest you to browse the source code of said libraries and see how they handle it.
There's nothing bad on implementing own auth if you're a senior dev and you know all about what it implies. Specially when working on a big company and being in need to create a self implemented auth to avoid extra costs of Auth APIs (Oauth, Oauth2, SSO ...), you just need to pass a security audit and the tests after building it and before linking your services to it on production