Kami-, on 25 December 2012 - 13:16, said:
From various comments in this thread, I can see why I'd never ask certain people for system architecture advice...
SPEhosting, on 25 December 2012 - 02:38, said:
Interesting! But I hate most frameworks with PHP.
I normally do it all from scratch using PDO.
If you're writing PHP from scratch you'll be failing from the start. You'll want a good framework - Symfony is what we used at my last job.
n_K, on 25 December 2012 - 03:48, said:
SHA512 multiple times with a unique salt for each password. You can store the password in SQL like this: <hashed password>:<salt>, then get the password field from the database, hash the supplied password and see if it matches the hashed password or not.
Why on earth would you do this instead of creating a separate column? Wow.
Jose_49, on 25 December 2012 - 11:28, said:
What I would strongly recommend to you, although it is difficult to use because you'll need to learn to use the framework, is to use a CMS such as Drupal.
Anyone suggesting Drupal is out of their mind, to put it bluntly.
Mr.XXIV, on 25 December 2012 - 02:53, said:
Ahh yea! I hear it's actually better than bcrypt. I just need to use the right package for FuelPHP, also with the ability to log in with Facebook and Twitter. I think NinjAuth was it. As far as login and getting user info from the database, that'll be my biggest concern for, I need a team for securing and escaping any code that's been created along the way.
How would you want to go about securing the whole database? Besides also making use of SSL later on.
A good framework will handle quite a lot of this for you. And you secure the database by permission; encrypting it is way overkill and wouldn't even do anything, since the private key needed to read it would be easily accessible even in a hack.
Symfony uses a salt from memory, and then hashes the password 1000 times over (or any number you want) before storing it.
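
The scheme discussed in this thread (a unique salt per password, a repeated SHA-512 hash, and the salt kept in its own column rather than packed into the password field), as an added example that is not code from any poster or from Symfony. It uses PHP's built-in PBKDF2-HMAC-SHA512 in place of a hand-written hashing loop; the table layout, column names, iteration count and sample credentials are assumptions.

```php
<?php
// Added example, not code from the thread. Table/column names are hypothetical.
declare(strict_types=1);

const ITERATIONS = 210000; // assumed work factor; stored per row so it can be raised later

function createSchema(PDO $db): void
{
    // Hash, salt and iteration count each get their own column.
    $db->exec('CREATE TABLE users (
        username   TEXT PRIMARY KEY,
        pw_hash    TEXT NOT NULL,
        pw_salt    TEXT NOT NULL,
        iterations INTEGER NOT NULL
    )');
}

function register(PDO $db, string $user, string $password): void
{
    $salt = bin2hex(random_bytes(16));                           // unique random salt per password
    $hash = hash_pbkdf2('sha512', $password, $salt, ITERATIONS); // hex-encoded output
    $stmt = $db->prepare('INSERT INTO users VALUES (?, ?, ?, ?)');
    $stmt->execute([$user, $hash, $salt, ITERATIONS]);           // bound parameters, no string building
}

function verify(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash, pw_salt, iterations FROM users WHERE username = ?');
    $stmt->execute([$user]);
    // Unknown user: still run the hash against dummy values so the work done is the same.
    $row = $stmt->fetch(PDO::FETCH_ASSOC)
        ?: ['pw_hash' => '', 'pw_salt' => 'dummy', 'iterations' => ITERATIONS];
    $candidate = hash_pbkdf2('sha512', $password, (string) $row['pw_salt'], (int) $row['iterations']);
    return hash_equals((string) $row['pw_hash'], $candidate);    // constant-time comparison
}

// In-memory SQLite database and constructed sample credentials, so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($db);
register($db, 'alice', 'correct horse battery staple');

var_dump(verify($db, 'alice', 'correct horse battery staple'));
var_dump(verify($db, 'alice', 'wrong guess'));
var_dump(verify($db, 'nobody', 'correct horse battery staple'));
```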