Security Corner:
Secure Remote Password Authentication
By Eric Mann
A solid practice in protecting user credentials is to never store passwords in plaintext on the server. Modern content management systems and PHP frameworks leverage strong one-way functions to store only hashes of passwords. This technique protects your users should your database ever be breached by an attacker. An even stronger mechanism, however, would never send a plaintext password to the server in the first place.
This article was originally published in the July 2018 issue of php[architect] magazine. To read the complete article please subscribe or purchase the complete issue.
Leave a comment
Use the form below to leave a comment: