
Would you consider this a good security combo?


Posted

Hi!
So I'm working on a website, and I'd like to ask you if the combo of security is good. Here's what I'm using for saving data:

USERNAME - None

Password - MySQL's built-in PASSWORD() function

IP - SHA1 (Logging IPs for security purposes. The website will have a special account system which will allow the user to get more content than a regular, non-registered user).

E-Mail - SHA1

Please let me know what you think, or what I could use :)


aeon

Owner of Voyager

vip


Replied

Seems pretty texas to me.


Replied

@_realnickk Sadly, the MySQL hosting I use doesn't have SHA-256. I don't know if MySQL supports SHA-256 at all. As for OAuth, I'm not sure if I will add it, since not everyone needs or has GitHub. Thank you for your suggestion, though!


allennova


Replied

For password storage, good modern practice is storing with salts on top of the password. Attacks like rainbow tables are very easy to perform on an unsalted database, and dictionary attacks would need the salts on top of their wordlist.

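An added example, not part of any post in this thread: a Python sketch of the salting point in the reply above. It contrasts unsalted SHA-1 (a stand-in for the unsalted schemes discussed) with a fresh random salt per account fed to PBKDF2-HMAC-SHA512; the accounts, wordlist and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample accounts and wordlist, for illustration only.
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}
WORDLIST = ["123456", "hunter2", "letmein"]
ITERATIONS = 200_000  # assumed work factor; tune for your hardware


def unsalted_sha1(password: str) -> str:
    """Unsalted fast hash: the same password always gives the same digest."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) using a fresh random 16-byte salt per account."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def precomputed_hits(stored: dict[str, str]) -> list[str]:
    """Accounts whose unsalted digest is in a table built once from WORDLIST."""
    table = {unsalted_sha1(word) for word in WORDLIST}
    return sorted(user for user, digest in stored.items() if digest in table)


def demo() -> dict:
    unsalted = {u: unsalted_sha1(p) for u, p in USERS.items()}
    salted = {u: hash_password(p) for u, p in USERS.items()}
    return {
        "unsalted_hits": precomputed_hits(unsalted),
        "unsalted_same_digest": unsalted["alice"] == unsalted["bob"],
        "salted_same_digest": salted["alice"][1] == salted["bob"][1],
        "login_ok": verify_password("hunter2", *salted["alice"]),
        "login_bad": verify_password("hunter3", *salted["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

The salt is stored next to the digest in the account row; it does not need to be secret, only unique per account.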


Replied

@Astronemi Everything hashed with lots of salt and SHA512
