Novice developers, or just the average person, might see programming a user login function for an application as a simple task. Experienced developers would not agree. The user login function is one of the most sensitive parts of an application, and errors in the login screens surface as security issues. To avoid these problems, let me explain how to store authentication data in your database.

Commonly, applications authenticate their users with usernames and passwords. When storing this information in a database, keep the login info in one table. Give this table a name, but make sure not to use the username as the name of the table, because that serves as a keyword in many databases and makes the table a pain to query.
Storing Passwords in Databases
Rules
1. In a production database, never store passwords in plaintext.
2. Do not encrypt the password. If the password is encrypted, then it can be decrypted. There is no use or need for the administrator to know the password of the user.
What is the best thing to do? You should store a hash of the password. A hash function takes an input string and returns a new string, called a hash, from which it is difficult to find the original input. Hash maps are implemented with a simple hash. A good hash function for hashing passwords has these properties:
· No two inputs should be found that have the same hash value.
· It is difficult to reverse: it is hard to find the original input when you only have the hash value.
Popular algorithms for hashing passwords include:
1. SHA-2 (a family of hash functions such as SHA-256, SHA-512, SHA-384, and others)
2. SHA-3 (also a family of hash functions)
To check a password provided by the user, compute its hash and check whether it matches the hash stored in the database. If it does, you assume that the password entered by the user is valid. Since a good hash function does not have two inputs with the same hash, we can assume that the password entered is the correct password.