Security Corner:
Secure Remote Password Authentication

By Eric Mann

A solid practice in protecting user credentials is to never store passwords in plaintext on the server. Modern content management systems and PHP frameworks leverage strong one-way functions to store only hashes of passwords. This technique protects your users should your database ever be breached by an attacker. An even stronger mechanism, however, would never send a plaintext password to the server in the first place.

This article was originally published in the July 2018 issue of PHP Architect magazine. To read the complete article, please subscribe or purchase the complete issue.
