Validating a password in php

A good salt should incorporate letters, numbers, and symbols and preferably be over 8 characters in length.Although this method is still more secure than the first, it may have a negative impact of requiring you to perform an extra database query to grab secure data after validating the session.If validation fails utilizing this method logout will be enforced and the user will be required to log back in, thereby updating their IP address.Please note that this method may be bypassed by IP spoofing.In the near future there will be a post containing this updated method for secure authentication.Below this line are older, obsolete methods for securing your data.Many, if not all, of you have had to deal with creating a secure site login at some point in time.

validating a password in php-62validating a password in php-83

One solution you can implement to alleviate the static IP issue is to take a substring of the IP address and use the the first 3/4 of an IPv4 address (24 bits / 3 bytes / third octet).The random salt is generated upon account creation and is unique to that account.The benefit of using random salts is that a compromised account will have no adverse effect on the remainder of accounts due to the uniqueness of the salts on a per user basis.For this reason I will be discussing various techniques I have used or come across in the past for increasing session security to hinder both session hijacking and brute force password cracking using Rainbow tables or online tools such as GData.I use the word hinder due to the fact no foolproof methods exist for preventing session hijacking or brute force cracking, merely increasing degrees of difficulty.

Leave a Reply