Should we use 'password_hash()' to protect passwords in the OBD?



  • I see there are two options, more or less to protect the user passwords located in the MySQL OBD in case of illegal entry.

    1. Option:We're connecting the user. password+salt, the data obtained are scrambled through the encryption method XOR We're talking about a key word, and it's all on a hex code. SHA256

    Shifre XORstored in a folder closed, one level above the original site element. Salt and SHA256 - in the OBD.

    2. Option:Use standard function password_hash() and password_verify() and don't do anything else.

    Tell me if you should use it. password_hash, or it's best to make it happen. First option?


  • QA Engineer

    Read it, it's pretty good information. http://php.net/manual/ru/faq.passwords.php




Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2