Categories > WeAreDevs > Hangout >
Would you consider this a good security combo?
Posted
Hi!
So I'm working on a website, and I'd like to ask you, if the combo of security is good. Here's what I'm using for saving data:
USERNAME - None
Password - MySQL's built-in PASSWORD() function
IP - SHA1 (Logging IPs for security purposes. The website will have a special account system which will allow the user to get more content than a regular, non-registered user).
E-Mail - SHA1
Please let me know what you think, or, what could I use :)
Random quote here...
Replied
seems pretty texas to me.
Cancel
Post
Replied
@_realnickk Sadly, the MySQL hosting I use doesn't have SHA-256. I don't know if MySQL supports SHA-256 at all. As for OAuth, I'm not sure if I will add it, since not everyone needs or has GitHub. Thank you for your suggestion, though!
Cancel
Post
Random quote here...
Replied
For password storage, good modern practice is storing with salts on top of the password. Attacks like rainbow tables are very easy to preform on an unsalted database and dictionary attacks would need the salts on top of its wordlist.
Cancel
Post
NZXT H510i, MSI X470 & 650W PSU, 1TB Crucial MX200 SSD
Seagate 1TB HDD, EVGA RTX 3060ti
Ryzen 5 5600x, 2x16GB Corsair @3600Mhz
Random quote here...
Users viewing this thread:
( Members: 0, Guests: 1, Total: 1 )
Cancel
Post