Remove obsolete info from security.database.storage page

Christoph M. Becker 2021-02-01 15:45:52 +01:00
parent b2b73a1550
commit fa6c013865


@ -105,10 +105,8 @@
password in a database, instead of the password itself.
</simpara>
<simpara>
In PHP 5.5 or newer <link linkend="ref.password">password</link> functions
The <link linkend="ref.password">password</link> functions
provide a convenient way to hash sensitive data and work with these hashes.
In PHP 5.3.7+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="&url.password.compat;">
password_compat</link> library can also be used.
</simpara>
<simpara>
<function>password_hash</function> is used to hash a given string using the
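Review bot: the dropped sentence was the only visible user of the `&url.password.compat;` entity, so check whether anything else in the manual still references it and, if not, remove the entity definition in the same change so it does not linger as dead markup. The reworded opening, "The <link linkend="ref.password">password</link> functions provide a convenient way ...", reads fine without the version qualifier.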
@ -138,38 +136,6 @@ if ($row && password_verify($password, $row['pwd'])) {
echo 'Authentication failed for ' . htmlspecialchars($username) . '.';
}
?>
]]>
</programlisting>
</example>
<simpara>
In older versions of PHP this can be achieved using <function>crypt</function>
function.
</simpara>
<example>
<title>Hashing password using <function>crypt</function>s</title>
<programlisting role="php">
<![CDATA[
<?php
// storing password hash
// $random_chars retrieved e.g. using /dev/random
$query = sprintf("INSERT INTO users(name,pwd) VALUES('%s','%s');",
pg_escape_string($username),
pg_escape_string(crypt($password, '$2a$07$' . $random_chars . '$')));
$result = pg_query($connection, $query);
// querying if user submitted the right password
$query = sprintf("SELECT pwd FROM users WHERE name='%s';",
pg_escape_string($username));
$row = pg_fetch_assoc(pg_query($connection, $query));
if ($row && crypt($password, $row['pwd']) == $row['pwd']) {
echo 'Welcome, ' . htmlspecialchars($username) . '!';
} else {
echo 'Authentication failed for ' . htmlspecialchars($username) . '.';
}
?>
]]>
</programlisting>
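Review bot: with the `crypt` example removed, this page no longer tells readers anything about hashes that were already stored by code like `crypt($password, '$2a$07$' . $random_chars . '$')`; consider one sentence after the `password_verify` example on how such existing rows should be handled, or a link to the `crypt` reference page, so the removal does not leave maintainers of older databases without a pointer. Dropping the example itself is welcome, since it compared hashes with `==` and had a stray "s" in its title. The visible removal stops at `</programlisting>`, so also confirm the matching `</example>` of the removed block goes with it and the file stays well-formed.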