Provides great tutorial on password encryption; sends an unprepared, insecure query to the database :)
@MSKWebServices
4 жыл бұрын
Welcome back and thankyou for explaining in a very good way keep up the good work
@patrick-dev
4 жыл бұрын
Thanks so much for this tutorial. I always thought sha1 and md5 are a great solution. I just finished editing my project's code to provide more security.
@Taebohoe
4 жыл бұрын
You're back (thumbs up)
@raminalibeyli9243
4 жыл бұрын
Thank you very much. Your explanitions and voice are amazing
@RacoonCH
4 жыл бұрын
Thanks, that was really interesting!
@samueljohn497
3 жыл бұрын
Thank you for this very helpful tutorial.
@DavidAshby1
3 жыл бұрын
Thanks for the tutorial. Where you are talking about future proofing the password field as you set it is a varchar, would you not be better to set it as a text field? Or is there an issue with this?
@Emeny
4 жыл бұрын
So helpful, still learning how to code but youre really helping out! Thank you
@experttarun7998
4 жыл бұрын
Thanks sir
@femaledeer
3 жыл бұрын
You CS guys are incredible for not explaining things. If a hash is different every time it is created for the same password input by the user, how does verify know the salt that was originally used to create the hash in the database. The is nothing in the login that verify can use to determine the salt.
@phpBasics
3 жыл бұрын
By using this algorithm, duh :) uint32_t P[18]; uint32_t S[4][256]; uint32_t f (uint32_t x) { uint32_t h = S[0][x >> 24] + S[1][x >> 16 & 0xff]; return ( h ^ S[2][x >> 8 & 0xff] ) + S[3][x & 0xff]; } void encrypt (uint32_t & L, uint32_t & R) { for (int i=0 ; i 0 ; i -= 2) { L ^= P[i+1]; R ^= f(L); R ^= P[i]; L ^= f(R); } L ^= P[1]; R ^= P[0]; swap (L, R); } // ... // initializing the P-array and S-boxes with values derived from pi; omitted in the example // ... { for (int i=0 ; i
@Glafuski
4 жыл бұрын
You are able to teach stuff very well and it is great. But. There is just this one thing. Teach people the right way to do programming. What i mean by this is that don't show people how to do unprotected SQL queries. Always use prepare statements. You don't have to explain that part to people now because this video is about password security but you can create seperate tutorial for that if you feel like doing one. Show examples that are safe to use even if safety requires more complex syntax.
@ganeshjambhulakar7442
4 жыл бұрын
Thanks
@KeleverMinds
4 жыл бұрын
its making sense
@jim9408
3 жыл бұрын
Hey Shawn, For some reason my Skype app is not logging in to contact you. (I haven't used it before.) I have a question and did not know where I should ask it to you. Are you familiar with using Sodium and CipherSweet for encrypting/decrypting/searching a MySQL database? I am new to this and I cannot seem to get it to work. Thanks, Jim
@phpBasics
3 жыл бұрын
Hey Jim - Sorry for the late response. If you need assistance, please try Skype for the web.
@jim9408
3 жыл бұрын
@@phpBasics Thank you Shawn. Yes, I'm trying to find out how/where to store encryption keys. Then, how to best access those keys. I am going to have to work on this Skype thing when I get a chance. I'm getting a certificate error on the web and a perpetual loader when using the app. You have an impressive drum set by the way! You are very talented musically. Me, not so much!
@jfdd43
3 жыл бұрын
It seems really insecure to be honest. What’s stopping me from running the same dictionary list with the password_verify function?
@193
3 жыл бұрын
Thats my question too...
@xX_BeamCRASH_Xx
3 жыл бұрын
should i put the script in my login script or signup script?
@phpBasics
3 жыл бұрын
Спасибо
@davidduron3590
2 жыл бұрын
Hi. This works for users from one table but doesn't work for users from another table. I've been racking my brain all day yesterday, are you able to provide some reasons why?
Пікірлер: 26