password protection and security... More food for thought... - GoFuckYourself.com

Deej · 01-02-2008, 03:17 PM

OK so you have a members area...

Be it paysite or be it affiliate area... its all the same question here... BUT, if there is a significant difference, please do, elaborate as to why? besides free rides... im talking security...

ok, so is it fine and dandy to pull from a text file or passwd file as long as that file is properly protected as well... or is it much safer and smarter to pull from a database?

rhymes and reasons... I'm verklempt... talk amongst yourselves... I'll give you a topic...

Password security...

Dirty F · 01-02-2008, 03:20 PM

Scheisse!

AlienQ - BANNED FOR LIFE · 01-02-2008, 03:21 PM

The solution is simple yo...

Deej · 01-02-2008, 03:23 PM

Quote:

Originally Posted by AlienQ

The solution is simple yo...

This is an attempt to bring back real life thinking... instead of horse shit... so please, do elaborate...

Unless of course you cant reveal any more of your inventions....

01-02-2008, 03:23 PM

i bought passwordsecurity.com over the weekend, good topic to discuss

Deej · 01-02-2008, 03:23 PM

Quote:

Originally Posted by Dirty F

Scheisse!

Dont be a pussy... book it ...

raymor · 01-02-2008, 03:58 PM

Quote:

Originally Posted by Deej

ok, so is it fine and dandy to pull from a text file or passwd file as long as that file is properly protected as well... or is it much safer and smarter to pull from a database?

I see no real difference between a flat file (.htpasswd) or a relational database (MySQL)
per se in terms of security. The database may be a bit more secure if it's
used ONLY for authentication because it would be harder for crackers to read.
However if that same database is accessible to other scripts such as a CMS
than crackers may be able to read the database more easily than from a
flat file, or vice versa. So that's a wash if the database is used for anything else,
or is accessible using the same user name and password used for other
databases.

Probably the biggest real life difference which is a distinction between flat
file versus relational per se has to do with how each is commonly used.
Often, systems which use a relational database such as MySQL to store
passwords will store those passwords in plain text, unencrypted. That's a
big no no security wise. A flat file will typically use DES encrpytion, which
is better than no encrpytion, but it's pretty weak. So score half a point for
flat text (.htpasswd). Both flat text (.htpasswd) and relational (MySQL) CAN
be used with strong encryption. Whether or not you use effective encryption
is probably 100 times more important than whether you use flat text or reltional.

Dirty F · 01-02-2008, 03:59 PM

Sig spot!

Deej · 01-02-2008, 11:04 PM

Quote:

Originally Posted by raymor

I see no real difference between a flat file (.htpasswd) or a relational database (MySQL)
per se in terms of security. The database may be a bit more secure if it's
used ONLY for authentication because it would be harder for crackers to read.
However if that same database is accessible to other scripts such as a CMS
than crackers may be able to read the database more easily than from a
flat file, or vice versa. So that's a wash if the database is used for anything else,
or is accessible using the same user name and password used for other
databases.

Probably the biggest real life difference which is a distinction between flat
file versus relational per se has to do with how each is commonly used.
Often, systems which use a relational database such as MySQL to store
passwords will store those passwords in plain text, unencrypted. That's a
big no no security wise. A flat file will typically use DES encrpytion, which
is better than no encrpytion, but it's pretty weak. So score half a point for
flat text (.htpasswd). Both flat text (.htpasswd) and relational (MySQL) CAN
be used with strong encryption. Whether or not you use effective encryption
is probably 100 times more important than whether you use flat text or reltional.

Quality Answer...

Deej · 01-02-2008, 11:05 PM

Quote:

Originally Posted by Dirty F

Sig spot!

Damn, You're Sexy!

01-02-2008, 03:17 PM	#1
Deej I make pixels work Industry Role: Join Date: Jun 2005 Location: I live here... Posts: 24,386	password protection and security... More food for thought... OK so you have a members area... Be it paysite or be it affiliate area... its all the same question here... BUT, if there is a significant difference, please do, elaborate as to why? besides free rides... im talking security... ok, so is it fine and dandy to pull from a text file or passwd file as long as that file is properly protected as well... or is it much safer and smarter to pull from a database? rhymes and reasons... I'm verklempt... talk amongst yourselves... I'll give you a topic... Password security... __________________ Deej's Designs n' What Not Hit me up for Design, CSS & Photo Retouching Icq#30096880

01-02-2008, 03:21 PM	#3
AlienQ - BANNED FOR LIFE best designer on GFY Join Date: Mar 2003 Location: IALIEN.COM - High Definition Video and Photographic Productions -ICQ 78943384 Posts: 30,307	The solution is simple yo... __________________ NAKED HOSTING FTW!11 I'm On The INSANE PLAN $9.95/mo! \| The Alien Blog Adult News Worth Reading Updated Daily \| Content For Sale! 641 PICS 216 MINUTES OF VIDEO $350.00 \|ICQ: 78943384 \|

01-02-2008, 03:20 PM	#2
Dirty F Too lazy to set a custom title Industry Role: Join Date: Jul 2001 Posts: 59,204	Scheisse!

01-02-2008, 03:23 PM	#5
esnem Guest Posts: n/a	i bought passwordsecurity.com over the weekend, good topic to discuss

01-02-2008, 03:59 PM	#8
Dirty F Too lazy to set a custom title Industry Role: Join Date: Jul 2001 Posts: 59,204	Sig spot!