I have created a simple website with native PHP and implemented an auth feature in it.
I have inserted 1 user into the DB. The username and password are admin - admin.
I have hashed the password with the built-in password_hash().
I generate it with the built-in PHP function:
password_hash( "admin", PASSWORD_DEFAULT);
Every time I read about GitHub, they write that it is not safe to upload the DB to GitHub. But I would like to upload at least 1 username and password, because if someone wants to try my project, then he/she does not need to create an account; instead he/she could log in with admin/admin. Is it safe to export the MySQL DB and upload it to GitHub if it contains only the admin username/pw?
So there would be a line in my exported SQL file, which I would like to upload to GitHub:
INSERT INTO `users` (`id`, `user`, `pw`) VALUES (1, 'admin', '$2y$10$.......');
Extra question: As I have seen, password_hash() generates a different hashed string every time. Why is it always different?
CodePudding user response:
What's "safe" or not depends on the context.
Default accounts and passwords are a regular way that systems are attacked. It's better to force your users to create an account on first run than it is to have a default account in place that they may not even know about. Therefore, the "safe" option is to not have to store the account password at all.
Whether you use GitHub or not isn't relevant.
Extra question: As I have seen, password_hash() generates a different hashed string every time. Why is it always different?
The password_hash() function does more than just hashing. It also handles adding salt. Since the salt is random, you'll get a different result each time.
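The salting behaviour described in the answer, as an added example that is not part of the original question or answer. It assumes bcrypt with cost 10 to match the `$2y$10$` prefix shown in the question; `split_bcrypt()` is a hypothetical helper written for this illustration.

```php
<?php
// Added example: why password_hash() returns a different string on every call.

/**
 * Split a bcrypt string of the form $2y$<cost>$<22-char salt><31-char digest>
 * into its fields. Hypothetical helper, not a PHP built-in.
 */
function split_bcrypt(string $hash): array
{
    $parts = explode('$', $hash);          // ['', '2y', '10', salt + digest]
    if (count($parts) !== 4 || strlen($parts[3]) !== 53) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return [
        'version' => $parts[1],
        'cost'    => (int) $parts[2],
        'salt'    => substr($parts[3], 0, 22),
        'digest'  => substr($parts[3], 22),
    ];
}

$password = 'admin';           // the demo password from the question
$options  = ['cost' => 10];    // assumption: matches the $2y$10$ prefix above

// Two calls with identical input: each call draws a fresh random salt.
$first  = password_hash($password, PASSWORD_BCRYPT, $options);
$second = password_hash($password, PASSWORD_BCRYPT, $options);

foreach ([$first, $second] as $i => $hash) {
    $f = split_bcrypt($hash);
    printf("hash %d: version=%s cost=%d salt=%s digest=%s\n",
        $i + 1, $f['version'], $f['cost'], $f['salt'], $f['digest']);
}

// The salts differ, so the digests and the full strings differ too.
var_dump($first === $second);

// The salt is stored inside the hash string itself, so password_verify()
// can recompute the digest for either hash without any extra input.
var_dump(password_verify($password, $first));
var_dump(password_verify($password, $second));

// A wrong password fails against the same stored string.
var_dump(password_verify('wrong', $first));
```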