In a web database application, usernames and passwords can be stored in a table rather than a file. This moves the data stored about users into a database and can simplify the management of an application. In this section we develop techniques to store usernames and passwords securely in a table.
Later in this chapter we continue the development of the winestore application using the customer table as a source of authentication details. To demonstrate the principles, consider the following simple table:
CREATE TABLE users (
  user_name varchar(10) not null,
  password varchar(15) not null,
  PRIMARY KEY (user_name),
  KEY password (password)
);
This table defines two attributes. The user_name must be unique, and in the users table it is defined as the primary key. The password attribute is indexed because the authentication script developed later in this section formulates queries on the password; if the script instead retrieves the row by user_name and compares the stored password in the application, the primary key alone serves the lookup and the password index is unnecessary. The 15-character width suits the 13-character strings that the DES-based crypt( ) function returns; other hashing schemes return considerably longer strings and need a wider column.
It's unwise to store user passwords as plain text in this table. There are many ways for passwords to leak out of a database: an SQL injection flaw in any query, a stolen backup, compromised database credentials, or an administrator who can simply read the table. Even with good web site practices and policies, storing plain-text passwords is a security risk, all the more so because users tend to reuse the same password on other sites.
The crypt( ) function can protect passwords stored in a database. It is a one-way function: the string it returns is stored in the table and, at login, compared with the output of crypt( ) applied to the password the user supplies, but it cannot be reversed to recover the original password. Its description reads:
Returns an encrypted string using the Unix DES encryption method. The plain text to be encrypted is passed as the first argument, with an optional second argument used ...
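The store-then-verify pattern that crypt( ) supports, as an added example that is not from the original text or the winestore code. It is written in Python against an in-memory SQLite table that mirrors the users table above, and it substitutes salted PBKDF2-SHA256 for DES crypt( ), which is named here as a swapped-in technique: traditional DES crypt( ) uses a two-character salt and only the first eight characters of the password, and the example is meant to show the same principle (the stored value carries its own salt, so verification re-hashes and compares) with a stronger hash. The self-describing hash format, the work factor, and the user names and passwords are all constructed for the example.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed stand-in for the page's users table. DES crypt() output is
# 13 characters, which is why varchar(15) suffices on the page; the scheme
# below yields strings of well over 100 characters, so size the column
# accordingly (SQLite TEXT is unbounded).
SCHEMA = """
CREATE TABLE users (
    user_name TEXT NOT NULL PRIMARY KEY,
    password  TEXT NOT NULL
)
"""

ITERATIONS = 100_000  # hypothetical work factor; raise it for production use
SCHEME = "pbkdf2-sha256"


def hash_password(plaintext, salt=None):
    """Return a salted, self-describing hash string.

    As with crypt(), the result carries its own salt, so verifying a login
    attempt means re-hashing with the salt found in the stored value. The
    format '$pbkdf2-sha256$<iterations>$<salt-hex>$<digest-hex>' is an
    assumption of this example, not a standard crypt() identifier.
    """
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", plaintext.encode("utf-8"), salt, ITERATIONS)
    return f"${SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(plaintext, stored):
    """Re-hash plaintext with the salt embedded in stored and compare."""
    try:
        _, scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != SCHEME:
            return False
        digest = hashlib.pbkdf2_hmac(
            "sha256", plaintext.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
        )
    except ValueError:  # malformed stored value: wrong field count, bad hex or int
        return False
    # Constant-time comparison; a plain == stops at the first differing byte.
    return hmac.compare_digest(digest.hex(), digest_hex)


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def add_user(conn, user_name, plaintext):
    # Only the hash reaches the table; the plaintext is never stored.
    conn.execute(
        "INSERT INTO users (user_name, password) VALUES (?, ?)",
        (user_name, hash_password(plaintext)),
    )


def authenticate(conn, user_name, plaintext):
    """Fetch the row by primary key and compare in the application.

    The query never mentions the password column, so it needs no index,
    and the placeholder keeps the user-supplied name out of the SQL text.
    """
    row = conn.execute(
        "SELECT password FROM users WHERE user_name = ?", (user_name,)
    ).fetchone()
    if row is None:
        hash_password(plaintext)  # burn the same time so unknown users are not faster
        return False
    return verify_password(plaintext, row[0])


def demo():
    """Constructed users and passwords; returns the checks a reader can inspect."""
    conn = open_db()
    add_user(conn, "alice", "correct horse")
    add_user(conn, "bob", "correct horse")  # same password as alice
    alice, bob = (
        conn.execute("SELECT password FROM users WHERE user_name = ?", (u,)).fetchone()[0]
        for u in ("alice", "bob")
    )
    return {
        "plaintext_absent": "correct horse" not in alice,
        "salts_differ": alice != bob,  # same password, different stored value
        "right_password": authenticate(conn, "alice", "correct horse"),
        "wrong_password": authenticate(conn, "alice", "correct horsf"),
        "unknown_user": authenticate(conn, "mallory", "correct horse"),
        "garbage_value": verify_password("correct horse", "not-a-hash"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The point to carry back to the table design is that verification never needs a query on the password column: the row is fetched by its primary key and the comparison happens in the application, using a constant-time compare and a dummy hash for unknown users so that response time does not reveal which user names exist. Because each stored value carries its own random salt, two users with the same password get different table entries, which defeats precomputed lookup tables over a leaked copy of the table.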