Menu
Home
Advertise
Forums
Search forums
What's new
Unread posts
Latest activity
Earn Money
Review Website/Apps
Passive Income
Money apps
Paid Survey
Stock
Forex
Real estate
Paid to write
Social Media Monetization
Crytocurrency
Bitcoin (BTC)
Ethereum (ETH)
Crypto Exchange
Mining
Crypto Faucet / Airdrops
Binance
Business
Business strategy
Funding a business
Marketing
Digital Marketing
Social media marketing
Email marketing
Brand management
Personal Finance
Money Saving
Personal loan
Retirement
Debt help
Savings for Students
Tax relief
Insurance
Car Insurance
Life Insurance
Liability Insurance
Home Insurance
Health Insurance
Disability Insurance
FAQ
Log in
Register
What's new
Search
Search
Search titles only
By:
Search forums
Menu
Log in
Register
Install the app
Install
Home
Forums
Webmaster forum
Webmaster
How do websites check users passwords without saving the clear-text password in their database?
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
[QUOTE="Jasz, post: 233389, member: 61772"] It is best practice for websites to never store user passwords in the database in clear text. If a hacker were to gain access to the server, that would mean they could see all of the users' passwords. There is a much more secure way that modern websites check user passwords without storing the clear-text password in the database. When a user creates an account, they are prompted to enter their desired password into a text box. When the user clicks "submit" or "create account," instead of storing the password in the database in clear text, it becomes hashed and salted. Hashing takes any string of characters and converts it into an unrecognizable string of characters with a set length. Salting adds additional randomness to ensure that similar passwords will not hash to the same value. When a user logs back into their account, they enter their username and password into the appropriate fields, but instead of checking against what is stored in the database, it hashes what was entered in the text box and then compares it to what is stored in the database. If they match, then access is granted; otherwise, access is denied. This prevents hackers from gaining access to all of your users' passwords by simply looking at what's stored in your database. [/QUOTE]
Insert quotes…
Verification
Post reply
Home
Forums
Webmaster forum
Webmaster
How do websites check users passwords without saving the clear-text password in their database?
Top