What my fellow monks have said so far is very instructive. You must pay attention to their views.

I will add that no matter how you choose to store your passwords, you should avoid using reversible crypto. That is, you should use schemes that make the recovery of the original password either impossible or very hard. This is the approach followed by the designers of Unix, long ago. They use a supposedly cryptographically strong hash function and a salt to protect the password.

Thanks to this approach, even knowing the algorithms used to protect the passwords and having access to the password database itself, obtaining the original passwords in clear-text (i.e., for use in actual authentication) becomes a non-trivial problem involving brute force and possibly massive amounts of processing power.

If you use reversible crypto, a cracker with knowledge about the algorithm used to secure the passwords and with access to the password database can easily break into your system/application.

Take a look at Crypt::PasswdMD5, which allows you to protect passwords of any length, using the MD5 algorithm to hash them, making recovery with methods other than brute force infeasible.

Hope this helps.


In reply to Re: OT ~ Security: Why is a file outside the web root more secure than mySQL? by fokat
in thread OT ~ Security: Why is a file outside the web root more secure than mySQL? by jerrygarciuh
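As an added illustration of the salted, one-way scheme the reply describes (example code written for this page, not part of the original post or of the Crypt::PasswdMD5 distribution): enrolment stores only the `$1$salt$hash` string, and verification re-hashes the candidate password with the salt recovered from that string. It assumes Crypt::PasswdMD5 is installed; `new_salt`, `hash_password`, `check_password` and `constant_time_eq` are names chosen here.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::PasswdMD5 qw(unix_md5_crypt);

# Build an 8-character salt from the crypt(3) alphabet. Helper chosen for
# this example; Crypt::PasswdMD5 also picks a salt itself if none is given.
# rand() is fine for a salt (it only needs to be unique, not secret).
sub new_salt {
    my @chars = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');
    return join '', map { $chars[int rand @chars] } 1 .. 8;
}

# Enrolment: hash the password and return the "$1$salt$hash" string.
# Only this string is stored; the clear-text password is discarded.
sub hash_password {
    my ($password) = @_;
    return unix_md5_crypt($password, new_salt());
}

# Verification: recover the salt from the stored string, re-hash the
# candidate with it, and compare. Nothing here can turn the stored value
# back into the password; an attacker holding the database must brute-force.
sub check_password {
    my ($candidate, $stored) = @_;
    my ($salt) = $stored =~ /^\$1\$([^\$]{1,8})\$/ or return 0;
    my $recomputed = unix_md5_crypt($candidate, $salt);
    return constant_time_eq($recomputed, $stored);
}

# Compare without an early exit on the first differing byte, so the time
# taken does not leak how much of the hash matched.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Demo with a constructed password (not real data).
my $stored = hash_password('correct horse battery staple');
print "stored: $stored\n";
print "right password: ",
    (check_password('correct horse battery staple', $stored) ? "ok" : "rejected"), "\n";
print "wrong password: ",
    (check_password('Tr0ub4dor&3', $stored) ? "ok" : "rejected"), "\n";
```

The same enrol/verify pattern carries over unchanged to the slower password hashes (bcrypt, scrypt, Argon2) that have since replaced MD5-crypt; only the hashing call and the prefix regex differ.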
