A common problem facing webmasters is keeping their database password secure. Actually, the stakes of database password security are quite high when referring to the security issue.
In many cases, all of a website’s data is stored within one or more databases. If an attackers plans to gain access to webmasters’ data, which might contain sensitive and private information, it could be at a huge danger.
Therefore, it is essential that webmasters have a secure database, but also store it safely, if they want to maintain the constant development of their website.
- Highly Secure Password
To begin with, it is about the application password. It is extremely great to ensure the web applications use highly secure password. Of course, the same rules webmasters could use for any technology apply.
Many people set password freely, and that gives chance for hackers to exploit. Make sure having a mix of letters and numbers, and the password does not spell a dictionary word in a common language as well.
Some webmasters indicated that they cannot come up with complicated passwords. However, they can full take advantage of password generator to create passwords. There are tons of generators available online, and one they can install to a Linux/Unix server called APG directly.
- Store within the Database
After creating highly secure passwords, webmasters need to assure they are properly stored in the database.
It is never a right decision to store passwords in simply plain text, in MySQL. The best way for web masters is to encrypt password within the database. Through that way, webmasters are ensured that even if hackers are able to gain access to the database, they still cannot and use any of the passwords.
There are two reliable choices for password storage: SHA1 or MD5 algorithms, other than standard PASSWORDWORD() function. When webmasters apply these types of encryption, their password would be easily hacked set of characters to an encrypted code.