NeedSecure 2 - Security itself
- VERY IMPORTANT!
Please download and run the NeedSecurity system Test Utility BEFORE purchasing our application. Please mind that running the Test Utility will help you make sure that NeedSecure 2 is fully compatible with your server requirements. Use these instructions for correct utility installation
- Company News
04.12.2010 - Hosting
The experience and high qualifications of our developers and IT professionals of our company have allowed us to develop a unique offer for our new clients. read more
Password protection system lite
Website security and access management can be easily implemented with the help of password protection system lite. This software usually has a wide range of tools that allows to delimit visitors access to some specific website resources, protect files and folders from unwanted users and performs a lot of other useful functions.
Password protection system lite divides the site area into separate zones with different access settings, so different member groups can have different access level and privileges. From the programmers point of view such mechanism is realized by JavaScript or php scripts that is embedded in website code. Qualitive password protection system lite implies hiding login/password information, saving it in separate database on a web server. Some scripts provide data encoding that increases the level of protection. For this purpose any cryptoalgorithm can be used, but usually developer choose one that doesn’t require much memory and space resources for its operation.
For improving protection level password protection system lite uses hashing function. For example you have a password “prescigd” with some hash code. This hash value
is saved on a server and is compared with hash equivalent value of inputted password. If these two values don’t fit, the access attempt fails. Here is an example of hashing line:
$val = "secret"; $hash_val = md5 ($val); // $hash_val = "Clab6fb9182fl6eed935bal9aa830788";
Also password protection system lite crypt( ) function from php. This function has the following syntax:
string crypt(string line, [determinant])
First parameter defines line, that need to be encoded by crypt( ) function. The type of algorithm is defined by length of determinant. Different types of algorithms have different length of dererminant:
| Algorithm |
Length |
| CRYPT_STD_DES |
2 |
| CRYPT_EXT_OES |
9 |
| CRYPT_MD5 |
12 |
| CRYPT BLOWFISH |
16 |
Example: the use of crypt (STD_DES) for saving and comparing passwords
<? $user_pass = "123456"; // extract first to character from $user_pass // and use them as a determinant. $salt = substr($user_pass. 0, 2); // Encode and save the password. $crypt1 = crypt($user_pass, ;salt); // $crypt1 = "12tir.zIbWQ3c" //... user inputs the password $entered_pass = "123456"; // Receive first two characters from saved password $salt1 = substr($crypt, 0, 2); // Encode $entered_pass, using $saltl as a determinant. $crypt2 = crypt($entered_pass, $salt1); // $crypt2 = "12tir.zIbWQ3c"; // Therefore, $cryptl = $crypt2 ?>
If you are choosing between crypt( ) and md5() for encoding data on a website, we advice you to use md5(), as it provides solider protection.