I’ve been reading about database security when it comes to websites. And it says an attacker could steal a database and then have as much time as he wants to get all the user’s passwords.
If an attacker stole the database, why would he need the passwords as the authentication is done in php?
So he could just access all the user’s information without knowing the password. Eg a forum with password protected areas.
The attacker could try and get the password of a moderator or user with access to the protected area by getting the database (eg the attacker could be an employee of company that hosts the database), and then go to the forum and log in as the user.
or the attacker could skip that and just look in the table of posts in the hidden area.
Basically if the attacker had access to the database, why bother with username and password when you can access that data without needing to authenticate.
(this blog post made me ask the question: http://www.richardlord.net/blog/php-password-security)
You have an obligation to your users to protect the password as much as possible. That means guarding the database from theft. That also means doing a strong salted hash so that if the attacker does get the database, it’ll take a prohibitively long time to extract all of the passwords (it’s always possible, but make it not worth their while).
One way is to use a multiple salt hashing system. Basically you use 2 separate salts. One you store with the user that is unique for each user, and one for the entire site stored elsewhere. That way, if they don’t get both salts, it’s exponentially harder to crack (though still not impossible).
Most users use one or two passwords for all sites. So if your site is compromised, all of their credentials are as well. That’s why it’s imperative that you make every attempt possible at locking down your systems (including the database, and any sensitive data inside of the database)…