Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

In MVC architecture, where should password encryption take place

Tags:

php

model-view-controller

encryption

codeigniter

I'm working on creating basic password security on a medium size PHP CodeIgniter website. I need to start encrypting password that are being saved into a database. User passwords can be inserted using different methods including CSV import or an individual sign up approach.

Therefore I just want to know at what is the correct level in a MVC system where a password should be encrypted?

like image 782
GrayB Avatar asked May 31 '12 15:05

GrayB

People also ask

Should password be encrypted in frontend or backend?

Frontend or Backend? The backend. If you only hash them in the frontend, you are vulnerable to a pass the hash attack. The reason that you hash passwords in your database is to prevent an attacker who already compromised your database from using those passwords.

Where is the encrypted password of a user stored?

Traditionally, the /etc/passwd file is used to keep track of every registered user that has access to a system. The /etc/passwd file is a colon-separated file that contains the following information: User name. Encrypted password.

When should I encrypt the password?

Encryption is most effective when users create robust, unique passwords for every account. For example, a random 32-character password with letters, numbers, and special characters hashed and salted is near impossible to guess or decode, even using a computer!

How does encryption work with passwords?

Encryption scrambles your password so it's unreadable and/or unusable by hackers. That simple step protects your password while it's sitting in a server, and it offers more protection as your password zooms across the internet. Imagine that you've created the strongest password possible.

1 Answers

The only time you need to perform this function is when adding a new user or updating the password for an existing user. Both of these functions should be performed by the User model. For example, something like:

$user = new User();
$user->setName('...');
$user->setPassword('...');
$user->save();

or:

$user = User::find('...');
$user->setPassword('...');
$user->save();

In this example, the setPassword() method would do the actual encryption.

Also, think of it this way -- it shouldn't be possible to get an unencrypted password into the system. So, you make the User model the only way to interact with users, and have it transparently encrypt all passwords given to it.

like image 160
Alex Howansky Avatar answered Oct 05 '22 13:10

Alex Howansky
Sign in to Comment

Related questions

PHP SoapClient creating XML references for identical elements, makes it unacceptable for service
image compression in php
How to enable php extensions and database support?
MySQL string comparison
Caching MongoDB objects in PHP
Checking if value exists in php array - not working?
Video streaming from Android device to LAMP Server
Are there any general purpose CRUD client applications?
Mysqli insert statement
random function: higher values appear less often than lower
Negating sentences using POS-tagging
template type as struct data member in SWIG
Symfony2 and Vim recommendations
FosUserBundle integration with FosRestBundle
Order CSS based on Selector Specificity
preg_match fails in php > 5.3
PHP substring and strange icon on rendered html
How to create an API-centric application (more specifically: for HMVC in CodeIgniter)
How to replace Text in a PDF form field using PHP
Online file storage logic

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!