Authentication - Dr. Steven Bitner (PowerPoint PPT Presentation)



SLIDE 1

Authentication

  • Dr. Steven Bitner

SLIDE 2

Hashing

  • Hashing is ONE WAY encryption
  • You cannot retrieve the plain text
  • Common hashes:
    • md5
    • sha1
    • sha256

$password = hash('md5', $password);

  • Better (though less common hash) – Bcrypt
  • http://kc-sce-sphp01.kc.umkc.edu/~bitners/showCode.php?page=resources/hash/hasher.php

SLIDE 3

More hashing

  • Never store any passwords plaintext
  • Most people in the PHP community look down on your code if you don't use Bcrypt, but anything is better than nothing.
  • On new projects, you are best to start off with Bcrypt
  • Why:
    • Automatically generates salts
    • It's really slow
    • It's really, really slow if you want it to be
  • If you want more info: http://codahale.com/how-to-safely-store-a-password/
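A worked example of the Bcrypt advice above, added here and not part of the slides or the linked hasher.php: it uses PHP's built-in password_hash()/password_verify() (available since PHP 5.5; the type hints assume PHP 7 or later) and shows the automatic salting and the adjustable cost the slide describes.

```php
<?php
// Added example (not from the slides): storing and checking passwords with
// bcrypt via PHP's built-in password_hash()/password_verify() (PHP >= 5.5;
// the scalar type hints below need PHP >= 7).

// Registration: hash the plaintext once and store only the result.
// bcrypt generates a random salt and embeds it (with the cost) in the
// returned string, so no separate salt column is needed.
function hashPassword(string $plain, int $cost = 12): string
{
    $hash = password_hash($plain, PASSWORD_BCRYPT, ['cost' => $cost]);
    if ($hash === false) {
        throw new RuntimeException('password_hash() failed');
    }
    return $hash;
}

// Login: compare the attempt against the stored hash. password_verify()
// reads the salt and cost out of $stored and uses a constant-time compare,
// so hashes created at different costs all verify with the same call.
function checkPassword(string $plain, string $stored): bool
{
    return password_verify($plain, $stored);
}

// Constructed demo input (a made-up password, not from the slides).
$password = 'correct horse battery staple';

$h1 = hashPassword($password);
$h2 = hashPassword($password);

// Same password, two different salts => two different hash strings,
// yet both verify, which is why no salt has to be stored separately.
var_dump($h1 !== $h2);
var_dump(checkPassword($password, $h1));
var_dump(checkPassword($password, $h2));
var_dump(checkPassword('wrong password', $h1));

// "Really, really slow if you want it to be": each +1 on cost doubles the
// work. Time a candidate cost on the real server before settling on it.
$start = microtime(true);
hashPassword($password, 14);
printf("cost 14 took %.2f s\n", microtime(true) - $start);
```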

SLIDE 4

Hashing in action

  • http://kc-sce-sphp01.kc.umkc.edu/~bitners/showCode.php?page=hashTest.php

SLIDE 5

Sessions

  • Stored on the server
  • Temporary (unless set up to store to a DB or other persistent data storage)
  • Must open a session before anything else:

session_start();

SLIDE 6

Cookies

  • Stored on the user's machine
  • They need to accept cookies
  • Persistent
  • Can expire at the end of the session, or at some point in the future
  • Must be sent before any other information (e.g. echo statements)

SLIDE 7

Setting a cookie

setcookie(
    $name,      // 'cookieName' (required)
    $value,
    $expire,    // expiration; default = 0 (expires with the browser session)
    $path,
    $domain,
    $secure,    // send only over SSL/TLS?  default = false
    $httponly   // HTTP only (not readable by client-side script)?
);

SLIDE 8

Viewing cookies

SLIDE 13

Registering new users

  • Decide what info will be used for login
    • Username or email address
  • Email validation
    • As of PHP 5.2:

$email = filter_var('bitners@umkc.edu', FILTER_VALIDATE_EMAIL);

  • All usernames should be unique to ensure that a user is getting their login credentials only
    • Can check by attempting to insert
    • Can check by querying the DB
  • What info do you really need?
    • Permissions control, email lists etc.

SLIDE 14

Think about what's really important

  • http://xkcd.com/970/

SLIDE 15

User maintenance

  • Should be able to change password
  • Should be able to update other information
  • Should be able to request new password

SLIDE 16

Logout

  • Unset all $_SESSION variables:

session_start();
session_unset();

  • Close the session:

session_destroy();

SLIDE 17

Don't forget to delete cookies

setcookie('cookieName', '', 1);

SLIDE 18

Assignment # 8

  • I must be able to register and log in to your website.
  • http://xkcd.com/936/
  • http://b.web.umkc.edu/bitners/490wd/assignment8.html