
Should security question answers be hashed?

Tags: php, mysql, hash, md5

I'm working on a security system for a web application's admin section. If an admin wants to make some important changes in the application, he will need to answer a security question.

My question is: should the answer to this question be hashed in the database?

Also, I'm thinking of giving the administrators the possibility to change their question/answer, but an admin could do this only if he confirms his identity using his password. Is this a good approach?

morandi3 asked Apr 21 '11 16:04




1 Answer

Yes, but be sure to normalize it before hashing - lowercase it, consider removing all characters that aren't alphanumeric, etc. If I enter "ceejayoz" as my question, it should probably accept " CEEJAYOZ " as well.

ceejayoz answered Oct 04 '22 00:10
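The normalize-then-hash approach from the answer above, as an added example that is not part of the original post. The function names are hypothetical, the mbstring extension is assumed, and PHP's `password_hash()` (salted and deliberately slow) is used here in place of the `md5` named in the question's tags.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; not from the original post.

/** Lowercase the answer and keep only letters and digits. */
function normalize_answer(string $raw): string
{
    $s = mb_strtolower(trim($raw), 'UTF-8');
    // Drop spaces, punctuation and anything else that is not alphanumeric.
    $s = preg_replace('/[^\p{L}\p{N}]+/u', '', $s);
    // preg_replace() returns null on invalid UTF-8 input.
    if ($s === null || $s === '') {
        throw new InvalidArgumentException('Answer is empty after normalization');
    }
    return $s;
}

/** Value to store in the database column instead of the plain answer. */
function hash_answer(string $raw): string
{
    return password_hash(normalize_answer($raw), PASSWORD_DEFAULT);
}

/** Compare a submitted answer against the stored hash. */
function verify_answer(string $raw, string $storedHash): bool
{
    try {
        return password_verify(normalize_answer($raw), $storedHash);
    } catch (InvalidArgumentException $e) {
        return false; // empty or malformed input never matches
    }
}

// Constructed sample values.
$stored = hash_answer('ceejayoz');
var_dump(verify_answer(' CEEJAYOZ ', $stored));   // same answer, different case and spacing
var_dump(verify_answer('Cee-Jay Oz!', $stored));  // punctuation is stripped before hashing
var_dump(verify_answer('someone else', $stored)); // different answer
var_dump(verify_answer('   ', $stored));          // nothing left after normalization
```

The same `normalize_answer()` must run both when the answer is first stored and on every later check, otherwise the hashes will not match.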