加密存储模型

SSL/SSH 能保护客户端和服务器端交换的数据,但 SSL/SSH 并不能保护数据库中已有的数据。SSL 只是一个加密网络数据流的协议。

如果攻击者取得了直接访问数据库的许可(绕过 web 服务器),敏感数据就可能暴露或者被滥用,除非数据库自己保护了这些信息。对数据库内的数据加密是减少这类风险的有效途径,但是只有很少的数据库提供这些加密功能。

解决这个问题最简单的方法是创建自己的加密包,然后在 PHP 脚本中使用它。PHP 可以通过一些扩展来帮助你解决这个问题,比如 OpenSSLSodium,涵盖了多种加密算法。脚本在将数据插入数据库之前对其进行加密,并在检索时对其进行解密。更多关于加密工作的例子请参见参考文献。

Hashing

In the case of truly hidden data, if its raw representation is not needed (i.e. will not be displayed), hashing should be taken into consideration. The well-known example for hashing is storing the cryptographic hash of a password in a database, instead of the password itself.

The password functions provide a convenient way to hash sensitive data and work with these hashes.

password_hash() is used to hash a given string using the strongest algorithm currently available and password_verify() checks whether the given password matches the hash stored in database.

示例 #1 Hashing password field

<?php

// 存储密码散列
$query = sprintf("INSERT INTO users(name,pwd) VALUES('%s','%s');",
pg_escape_string($username),
password_hash($password, PASSWORD_DEFAULT));
$result = pg_query($connection, $query);

// 发送请求来验证用户密码
$query = sprintf("SELECT pwd FROM users WHERE name='%s';",
pg_escape_string($username));
$row = pg_fetch_assoc(pg_query($connection, $query));

if (
$row && password_verify($password, $row['pwd'])) {
echo
'Welcome, ' . htmlspecialchars($username) . '!';
} else {
echo
'Authentication failed for ' . htmlspecialchars($username) . '.';
}

?>
add a note add a note

User Contributed Notes 5 notes

up
28
Reiner
13 years ago
Using functions to obfuscate the hash generation does not increase security. This is security by obscurity. The algorithm used to hash the data needs to be secure by itself.

I would not suggest to use other data as salt. For example if you use the username, you won't be able to change the values without rehashing the password.

I would use a dedicated salt value stored in the same database table.

Why? Because a lot of users use the same login credentials on different web services. And in case another service also uses the username as salt, the resulting hashed password might be the same!

Also an attacker may prepare a rainbow table with prehashed passwords using the username and other known data as salt. Using random data would easily prevent this with little programming effort.
up
33
seigoryu at hotmail dot de
12 years ago
I would strongly recommend using SHA-2 or better the new SHA-3 hash algorithm. MD5 is practically unusable, since there are very well working rainbow tables around the whole web. Almost the same for SHA-1. Of course you should never do a hash without salting!
up
7
somebody
17 years ago
A better way to hash would be to use a separate salt for each user. Changing the salt upon each password update will ensure the hashes do not become stale.
up
-5
about2mount at gmail dot com
9 years ago
It's difficult to post scripts here for all to view on the subject of best security practices. But i would wish to point out that using a salt with a randomized and odd numbered long length salt value is do_able with two Php functions while retrieving and separating the salt when it comes out using simple math functions. But with everything we add we also have to think of the constant standardized login systems we stay behind with.

For one,,, adding and validating two to four passwords is not a bad idea.  Also having no username or email going in. They can be stored after the user logs in after the validation process.  It is possible to store the email on the first signup and only at that time. And if the user loses his passwords then validate by email only upon request within a contact form by a validated phone number stored in the database,, and then via their email account.
up
-18
Fairydave at the location of dodo.com.au
18 years ago
I think the best way to have a salt is not to randomly generate one or store a fixed one. Often more than just a password is saved, so use the extra data. Use things like the username, signup date, user ID, anything which is saved in the same table. That way you save on space used by not storing the salt for each user.

Although your method can always be broken if the hacker gets access to your database AND your file, you can make it more difficult. Use different user data depending on random things, the code doesn't need to make sense, just produce the same result each time. For example:

if ((asc(username character 5) > asc(username character 2))
{
   if (month the account created > 6)
      salt = ddmmyyyy of account created date
   else
      salt = yyyyddmm of account created date
}
else
{
   if (day of account created > 15)
      salt = user id * asc(username character 3)
   else
      salt = user id + asc(username character 1) + asc(username character 4)
}

This wont prevent them from reading passwords when they have both database and file access, but it will confuse them and slow them up without much more processing power required to create a random salt
To Top