Archive for January, 2010

How to store passwords safely with PHP and MySQL

First, let me tell you how not to store passwords and why.

Do not store password as plain text

This should be obvious. If someone gains access to your database then all user accounts are compromised. And not only that, people tend to use the same password on different sites so those accounts will be compromised as well. Your site doesn’t even need to be hacked; a system administrator could easily browse your database.

Do not try to invent your own password security

Chances are that you’re no security expert. You’re better off using a solution that has been proven to work instead of coming up with something yourself.

Do not encrypt passwords

Encryption may seem like a good idea but the process is reversible. Anyone with access to your code would have no trouble transforming the passwords back to their originals. Security through obscurity is not sufficient!
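The three points above, shown side by side in code. This is an added example and not part of the original post: the reversible scheme is there only to show why decryptable passwords are a liability, and the safe half uses PHP's built-in `password_hash()`/`password_verify()` (PHP 5.5 and later) as the kind of proven solution the post recommends over a home-made one. The `users` table, the PDO connection and the hard-coded key are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). Contrasts reversible encryption,
// which the post warns against, with one-way salted password hashing, and
// shows how the hash is stored in and checked against a MySQL table.
declare(strict_types=1);

// --- What the post argues against: encryption is reversible -------------
// Whoever can read this source also has the key, and can turn every stored
// ciphertext back into the user's original password.
const DEMO_KEY = 'key-hardcoded-in-source'; // constructed, illustrative only

function encryptPasswordReversibly(string $password): string
{
    $key = hash('sha256', DEMO_KEY, true);            // 32-byte key for AES-256
    $iv  = random_bytes(16);
    $ct  = openssl_encrypt($password, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    return base64_encode($iv . $ct);
}

function decryptPassword(string $stored): string
{
    $raw = base64_decode($stored, true);
    $key = hash('sha256', DEMO_KEY, true);
    // Trivially recovers the plaintext: this is the weakness, not a feature.
    return openssl_decrypt(substr($raw, 16), 'aes-256-cbc', $key,
                           OPENSSL_RAW_DATA, substr($raw, 0, 16));
}

// --- The proven solution: one-way hashing ---------------------------------
// bcrypt with a per-password random salt; salt, cost and hash all live in the
// returned string, so nothing in the code or database yields the password.
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT);
}

function verifyPassword(string $password, string $storedHash): bool
{
    return password_verify($password, $storedHash);
}

// --- Storing and checking the hash in MySQL (assumed schema) -------------
// CREATE TABLE users (
//   id            INT AUTO_INCREMENT PRIMARY KEY,
//   username      VARCHAR(64)  NOT NULL UNIQUE,
//   password_hash VARCHAR(255) NOT NULL   -- bcrypt output is 60 chars today
// );
function registerUser(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => hashPassword($password)]);
}

function loginUser(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the user does not exist so that the
    // response time does not reveal which usernames are registered.
    $hash = $row === false ? hashPassword('dummy-password') : $row['password_hash'];
    $ok   = verifyPassword($password, $hash) && $row !== false;

    // If the cost factor has been raised since the hash was made, upgrade it
    // now that we have the plaintext in hand.
    if ($ok && password_needs_rehash($hash, PASSWORD_BCRYPT)) {
        $upd = $db->prepare('UPDATE users SET password_hash = :h WHERE username = :u');
        $upd->execute([':h' => hashPassword($password), ':u' => $username]);
    }
    return $ok;
}

// --- Offline demonstration (no database required) -------------------------
$secret = 'correct horse battery staple';          // constructed sample password

$enc = encryptPasswordReversibly($secret);
echo decryptPassword($enc) === $secret
    ? "encrypted: recovered the original password from the stored value\n" : '';

$h = hashPassword($secret);
echo verifyPassword($secret, $h)   ? "hashed: correct password verifies\n"   : '';
echo verifyPassword('wrong', $h)   ? '' : "hashed: wrong password is rejected\n";
```

The hash string is the only thing that ever reaches the database; a login compares a fresh hash of the submitted password against it, and there is no code path that produces the original password from what is stored.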


Swiftlet 1.1 Stable

I released a new stable version of Swiftlet a few days ago together with a new web page at swiftlet.org. Swiftlet is a light-weight framework written in PHP aimed to make website development faster and easier.

Version 1.1 comes with a few new plugins that bring CMS-like features to Swiftlet. See the changelog for the full list of changes.

The documentation has also been updated and can now be found at swiftlet.org/docs. If you need support or have any requests, feel free to start a thread at swiftlet.org/community.