In what scenario does a hacker get a table, but not PHP code?

Question

In what scenario does a hacker get a table, but not PHP code?

Ok, so I understand the value of salt in my hashed passwords ... sort of.

I set up a basic authentication scheme where I set passwords, and users are not able to set passwords as something that they can use for another site.

So what is the real usefulness of salt?

In what circumstances can someone compromise my user table but not access the rest of the tables with all the data or my PHP code that shows the magic?

I am trying to determine whether the use of salt is really important in my case.

thank

+5

security php mysql salt

JohnCharles117 Oct 28 '11 at 17:50

source share

4 answers

, . , , , Rainbow .

-1

jonlucc 28 . '11 17:56

, , ASCII char , , 256 .

2 ASCII char 65536 .

, , , , . , , , . , , " " . , ( ,...), 30% . , , , , .

:

. .

-1

evildead 28 . '11 18:05

( ) , ... ... . , / . , - , , - , , . , usertables, .

; , , , .

; , , PHP- . , PHP-, INSERT/UPDATE. SQL- , , INSERTING UPDATEing, , (, / ...).

-1

Teekin 28 . '11 18:14

rook · Accepted Answer · 2011-10-29T06:29:13+0000

, SQL Injection load data infile. , , , . . , :

1) . , , .

2) . 8 . , , .

John The Ripper . . , bcrypt() FPGA GPU - . .

In what scenario does a hacker get a table, but not PHP code?

More articles: