Your gut probably tells you that putting passwords in code is wrong. Well, it is. Actually storing passwords in plain text in any way (code, text files, databases, etc...) is ALWAYS a bad thing. Notice that I rarely use the word always =)

Actually we usually don't put passwords in code. I (and this is only me, maybe - probably- someone does it better) do it like this:

1) In the page that register users I turn the password into a md5 hash and store it in a db.

2) In the login page, I get the user-typed password, make it into a md5 hash and then compare with the one in the db.

Anyway, forget about the md5 part - there are tons of encrypting algorythms out there - but it's everything else that matters, meaning:

1 - Don't EVER store passwords in plain text.
2 - Don't put it in the code, store in a separate way.

Regards,

---

---

• Are you posting in the right place? Check out Where do I post X? to know for sure.
• Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:

  <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>

• Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
• Want more info? How to link or How to display code and escape characters are good places to start.