Security Corner:
Secure Remote Password Authentication

By Eric Mann

A solid practice in protecting user credentials is to never store passwords in plaintext on the server. Modern content management systems and PHP frameworks leverage strong one-way functions to store only hashes of passwords. This technique protects your users should your database ever be breached by an attacker. An even stronger mechanism, however, would never send a plaintext password to the server in the first place.

Read in Full

This article was originally published in the July 2018 issue of php[architect] magazine. To read the complete article please subscribe or purchase the complete issue.

Leave a comment

Use the form below to leave a comment: