I am developing a content management system where web page content is stored in MySQL with the help of PHP. A table of users/authors/editors includes the username, email, and password. Is there any reason to encrypt the passwords so that they cannot be directly read from the database? The password that the user enters at log-in could be encrypted and matched to the encrypted password already stored in the database.
Is there any real need for this encryption on a CMS? If someone compromises the MySQL database so that they can read passwords in plain text, they could just as easily alter the CMS article data found elsewhere. Is there some other security scenario that I am missing that should prompt me to use password encryption? It seems that password encryption is not necessary for my application.
- - picklefish - -
Why is everyone in this forum responding to me as picklefish?
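The login flow described in the question (transform the entered password, compare it to the stored value), as an added example that is not part of the original post. It uses PHP's built-in one-way hashing (`password_hash` / `password_verify`) rather than reversible encryption, and it assumes an in-memory array in place of the MySQL users table; the function names, the `DUMMY_HASH` constant and the sample account are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the CMS users table (username => row).
// Assumption: in MySQL this would be a table with a VARCHAR(255) hash column.
$users = [];

// Hash of a throwaway value, verified against when the username is unknown
// so both failure paths cost one hash computation.
define('DUMMY_HASH', password_hash('placeholder-not-a-real-account', PASSWORD_DEFAULT));

function register_user(array &$users, string $username, string $email, string $password): void
{
    // password_hash() picks a random salt and embeds it, together with the
    // algorithm and cost, in the returned string. Only that string is stored.
    $users[$username] = [
        'email'         => $email,
        'password_hash' => password_hash($password, PASSWORD_DEFAULT),
    ];
}

function check_login(array &$users, string $username, string $password): bool
{
    $row = $users[$username] ?? null;
    if ($row === null) {
        password_verify($password, DUMMY_HASH); // result deliberately ignored
        return false;
    }
    if (!password_verify($password, $row['password_hash'])) {
        return false;
    }
    // If PHP's default algorithm or cost has changed since this hash was
    // stored, upgrade it now while the plain-text password is available.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $users[$username]['password_hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample account and login attempts.
register_user($users, 'editor1', 'editor1@example.com', 'correct horse battery staple');
echo $users['editor1']['password_hash'], PHP_EOL; // what a database reader would see
var_dump(check_login($users, 'editor1', 'correct horse battery staple'));
var_dump(check_login($users, 'editor1', 'wrong guess'));
var_dump(check_login($users, 'nobody', 'anything'));
```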