php - How to confirm user password in the cheapest way -


i need users confirm current password before editing information. comparing session auth information supposed best way current password not stored in auth session. way can think of solving find user id , retrieve current password compare think query expensive. there better way?

first off not going answer question in way want, instead proper standards of escalating users "role" or "powers" if such things edit, delete ect. ect. ect.

  1. you should not using session store password. (ever, ever, ever!)

  2. when doing user look-ups, password storage, logging in, have you, query on database - not "expensive" it. have database upwards of 2000 (which relatively small, small...) rows , handling without breaking sweat!

  3. do not use cryptographically broken password functions md5, sha[1,2]. functions not specially designed password storage. instead use crypt functions in particular bcrypt uses blowfish cipher. made proper storage of passwords.


Comments

Popular posts from this blog

SPSS keyboard combination alters encoding -

Add new record to the table by click on the button in Microsoft Access -

CSS3 Transition to highlight new elements created in JQuery -