Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: HTML PHP MySQL
I am developing a website where the user need to register. After registration he can got some facility extra.
 
at the time of registration only the user will provide their email id and password.
 
Is it mandatory to encrypt the password in mysql.
If i am not doing so, then what can happen?

 
if it is mandatory then suggest me the way.
Posted 21-Sep-12 5:43am
Edited 21-Sep-12 5:44am
v3
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

Go through Why encrypt user passwords?[^].
 
It is not mandatory, but encrypted passwords will help the website to be free from Password cracking[^].
 
And Encrypting passwords with mySQL/PHP[^] will help you find different methods to do in PHP/mySQL.
 
Thanks...
Comments
Sourav Sarkar-SS at 21-Sep-12 12:15pm
   
ok thanks
Peter Leow at 2-Mar-14 0:36am
   
Very comprehensive answer, +5.
Tadit Dash at 2-Mar-14 10:37am
   
Thanks Peter. :)
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

Well my friend, It is not mandatory but is safe approach to do so....... You can search php reference to find out the ways to do so. I had designed a website wherein I simply generated the md5 hash of the password supplied by the user and this way whenever I received the password entered by user at the time of login, I simply generated it's md5 hash and then, compare it with the hash already stored in the database. i guess it as simple as well as reliable method but I cannot say anything about applying it in the real world application as mine was only a test website that I created only for learning...
 
Hope it can help you.
 
Regards
Tushar Srivastava
  Permalink  
Comments
Sourav Sarkar-SS at 21-Sep-12 11:54am
   
its not sufficient.
I need yes/no answer of my question.
then why?
Tushar Sriv at 21-Sep-12 11:59am
   
You only need answer in either Yes/No?
Well then I will certainly say YES...
And the reason for this is, that there are many dangerous guys out there who always tries to peep into your security and if they succeed, then they will get the list of all the users with the passwords as well, it can be dangerous for users of your website as well as for you :-( So, it's mandatory to use Encryption in real world application.
Sourav Sarkar-SS at 21-Sep-12 12:15pm
   
ok thanks
Tushar Sriv at 21-Sep-12 12:16pm
   
It's all right :-)
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 3

its not necessary to encrypt password but notice that not to put password in cookies or links and also not to show the password even to the owner , use password type only.
 
but its better to encrypt to safe the user info.
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Advertise | Privacy | Mobile
Web03 | 2.8.141015.1 | Last Updated 1 Mar 2014
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100