Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Re: password checking?

by mvaline (Friar)
on Aug 13, 2005 at 15:42 UTC ( [id://483563]=note: print w/replies, xml ) Need Help??


in reply to password checking?

This can be as simple or complex or insecure or secure as you want; just remember that simple does not always equal insecure and complex does not always equal secure.

Storing passwords in plaintext in a database is probably not a good idea. You will probably want to encrypt the passwords at least. You didn't specify if this is a standalone perl script or a web script... you security concerns are likely to be different depending on this. One of the easiest options is always to plug into an existing authentication service from the shadow password file to .htaccess files if you're using apache. I do most of my work in a Microsoft-centric corporate environment, so I usually try to plug into ActiveDirectory.

If it's a web script, see Password Authentication Module

You will probably be able to glean some techniques from these:
Passwords, hashes, and salt
Best practices for database passwords
A question of security

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://483563]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others exploiting the Monastery: (4)
As of 2024-04-19 23:10 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found