Hello sorry if this may be a stupid question, I am gonna try a sha+salt for my site. wondering how to randomize my salt. Upon registering so both of them will be hashed into the database. Also is there a need for me to decrpyt both sha and salt for user validation. Would be nice if someone pointed me in the right detection or a good article. Thanks Also I’m new to security stuff on websites I’m still researching what security implementations i would use for my site currently these are what i will be doing.
- password hashing
- Anti-SQL injections
- Hiding Values in URL
Would like to know more what should i add to my security. I am making a school management system as a Project.
So far i am looking Into. Anti-bruteforce and my professor gave me a hint about HTTPS.
Also how would i validate a log in if the password is sha+salt encrypted.
Since this is quite a large question its probably easier for me to direct you to some useful resources rather than try to explain it all myself.
For an introduction to web cryptography A List Apart wrote a nice article. It doesn’t discuss implementation very much, but provides a nice overview.
For a list of security flaws and how to combat them see the OWASP Top Ten Project.
Here’s a guide to PHP Security that is pretty comprehensive.
Finally, see this question for more on creating a login system.
I’d recommend searching around Stack Overflow as there’re probably some good answers to questions you may have.