Reputation: 561
I have a user database with sha256 hashed password fields. Now I wish to update this with phpass to add the flavour of salt.
How would I do this the right way? I believe I have to update the field when the user does the next login, right? How would I check if this has already been done for the specific user?
Right now I check if the field contains '$P$', but it doesn't look right to me.
Thanks in advance
Upvotes: 2
Views: 187
Reputation: 1899
I'd go for a similar approach but with a twist. Create a column (TINYINT) default 0. When the user updates their password, set it to 1.
Less extra data in the database than another column.
Upvotes: 0
Reputation: 413
Well, there can be many ways. What I would do is create another column to store new passwords. While logging the user in, check if the new password is null; if yes, log them in based on the old password column and old logic, and then update the new password from the raw password you received from the user. This way you can eventually port almost all users to new passwords.
Upvotes: 3
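The upgrade-on-login flow described in the answer above, as an added example that is not part of the original posts. Assumptions: the column names `old_hash` and `new_hash` are hypothetical, an in-memory array replaces the database, and PHP's built-in `password_hash()`/`password_verify()` stand in for phpass's `HashPassword()`/`CheckPassword()` so the script runs without extra files. Clearing the legacy column after migration is this example's choice, not something the answers state.

```php
<?php
// Added example: migrate unsalted SHA-256 hashes to a salted scheme at login.
// password_hash()/password_verify() stand in for phpass here (assumption).

// Constructed sample row: 'old_hash' is the legacy column, 'new_hash' the
// added column (both names hypothetical). NULL in new_hash = not migrated.
$users = [
    'alice' => ['old_hash' => hash('sha256', 'correct horse'), 'new_hash' => null],
];

function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $row = &$users[$name];

    // Already migrated: only the salted hash is consulted.
    if ($row['new_hash'] !== null) {
        return password_verify($password, $row['new_hash']);
    }

    // Not migrated: verify with the old logic, using a constant-time compare.
    if (!hash_equals($row['old_hash'], hash('sha256', $password))) {
        return false;
    }

    // The raw password is only available now, so this is the moment to
    // store the salted hash. The unsalted value is cleared so it no longer
    // sits in the database next to the stronger one.
    $row['new_hash'] = password_hash($password, PASSWORD_DEFAULT);
    $row['old_hash'] = null;
    return true;
}

// Wrong password against the legacy hash: rejected, row stays unmigrated.
var_dump(login($users, 'alice', 'wrong'));
// Correct password: accepted through the old logic, row is migrated.
var_dump(login($users, 'alice', 'correct horse'));
// Legacy column after migration.
var_dump($users['alice']['old_hash']);
// Same password again: accepted through the new salted hash only.
var_dump(login($users, 'alice', 'correct horse'));
```

Accounts that never log in again keep their unsalted hash under this scheme, so a query for rows where `new_hash` is still NULL shows how many remain.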