Why should I make password as hash code,then save in database?
I wanna program secure login system by php,So I surfed the web for some days and get good recommendation that provide how to do it.
But I have a question about one of the tips, Why should I save users password as hash code in database?
If some one can hack my website or database,it can access to my database,and it's not so important for him/her to has users password.He/She can access all of users information.so what is the benefit of doing it?
For some forms of attack, the attacker might only gain access to one specific table at a time.
If that table is your users table, then the attacker can see the passwords in plain text and you're completely hosed.