using passwords: variables vs. constants

Dormilich

Recognized Expert Expert

Join Date: Aug 2008

Posts: 8694
#1

using passwords: variables vs. constants

Jan 5 '09, 09:22 PM

Hello,

I'd like to collect some opinions about the question:
in which data type (variable or constant) it is best to store passwords for a database?

(I'm using PHP/MySQL but the matter should consist for other systems too)

Code:

// connecting to DB mysqli_connect($host, $user, $pw); unset($pw); // vs. mysqli_connect(HOST, USER, PW);

on the one hand side constants can never be altered in the script and they are (in most cases) globally available.

on the other hand side, I can destroy a variable's value after I used it. (you know, global variables are evil... *g*)

regards
Tags: None
NeoPa

Recognized Expert Moderator MVP

Join Date: Oct 2006

Posts: 32653
#2

Jan 6 '09, 11:32 AM

I always have some sort of encryption for a password. That way, wherever it's stored (where this should be can vary between projects) it is not obvious what the password is.

Ultimately, password availability will always be a problem in code (If someone has access to the code it is very difficult to ensure they aren't able to get your password if it's stored in any form).
Comment

Comment