Basic security, PHP mySQl
Posted
by yuudachi
on Stack Overflow
See other posts from Stack Overflow
or by yuudachi
Published on 2010-04-23T21:01:16Z
Indexed on
2010/04/23
21:03 UTC
Read the original article
Hit count: 240
So I am making a basic log-in page. I have a good idea of what to do, but I'm still unsure of some things.
I have a database full of students and a password column of course. I know I'm going to use md5 encryption in that column. The student enters their e-mail and student ID, and they get e-mailed a password if correct.
But, where do I create the password? Do I have to manually add the password (which is just a randomly generated string) in mySQL to all the students? And I am suppose to send the password to the student; how will I know what to send the student if the password is encrypted?
I was thinking about generating the password when the student first enters their e-mail and student ID. They get an e-mail of the random string, and at the same time, I add the same random string to the database, encrypted.
Is that how it's suppose to work though? And it feels unsafe doing that all on the same page.
Sorry for the long-winded, newbish question. I find this all facisnating at the same time as well (AES and RSA encryption :O)
© Stack Overflow or respective owner