April 10, 2012

Password is not checking case sensitivity

Question by user725719

I have a login form in a website which I have created. I have used PHP for verifying the password, and the password is stored in a MySQL database. The problem I’m facing is that the password is not case sensitive. It accepts the characters without considering the case. I’m using Kubuntu Linux OS.

Could anyone please help to solve this problem? What value should I use for COLLATION in mysql/my.cnf to avoid this? Or is there any other solution for this?

Any help is greatly appreciated.

Thanks.

Answer by Konerak

Your MySQL collation is probably case-insensitive. Change the column where the password is stored to a case-sensitive collation.

Some rules of thumb:

  • When a collation ends in _ci, it is case-insensitive.
  • When a collation ends in _cs, it is case-sensitive.

Example:

  • utf8_general_ci is case-insensitive.
  • utf8_bin is case-sensitive.

However, an important note

If you are experiencing this problem, you are probably storing the passwords wrong. You should not store the passwords in plain text, but you should store a hash of the password instead, and salt it properly.

Then, when a user logs in, you hash his entry, and compare the hash with what your DB holds. When both equal, the user probably entered a correct password.
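The hash-and-compare flow described in the answer above, as an added example that is not part of the original answers. It uses PHP's built-in password_hash() and password_verify() (PHP 5.5+); the function names, the sample password, and the use of strcasecmp() as a stand-in for a _ci collation comparison are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post.
// Sample password and helper names are constructed for illustration.

// Stand-in for "WHERE password = ?" on a *_ci column holding plain text:
// the comparison ignores case, so "SECRET123" matches "Secret123".
function plaintext_ci_match(string $stored, string $entered): bool
{
    return strcasecmp($stored, $entered) === 0;
}

// Registration: keep only a salted hash. password_hash() generates a random
// salt and embeds it, with the algorithm and cost, in the returned string.
function register_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Login: fetch the stored hash by username, then verify in PHP.
// password_verify() re-hashes the entry with the salt embedded in
// $storedHash and compares in constant time. Case matters because the
// hash input is the exact byte string, whatever the column collation is.
function check_login(string $storedHash, string $entered): bool
{
    return password_verify($entered, $storedHash);
}

$storedPlain = 'Secret123';                      // what the broken setup stores
$storedHash  = register_password('Secret123');   // store in e.g. VARCHAR(255)

foreach (['Secret123', 'secret123', 'SECRET123'] as $attempt) {
    printf(
        "%-10s plaintext+_ci: %-6s hash: %s\n",
        $attempt,
        var_export(plaintext_ci_match($storedPlain, $attempt), true),
        var_export(check_login($storedHash, $attempt), true)
    );
}

// Same password, two registrations: the stored strings differ because each
// gets its own salt, so hashes cannot be compared with a plain SQL "=".
var_dump(register_password('Secret123') === register_password('Secret123'));
```

Only the exact-case attempt passes the hash check, while all three pass the case-insensitive plaintext comparison; the final var_dump() prints bool(false).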

Answer by Starx

It seems like you are storing the password in general text. Otherwise a collation like utf8_general_ci should not be a problem generally.

You should hash your password with md5() or sha1() while you store passwords.

Author: Nabin Nepal (Starx)
