Data type for user passwords

I’m switching my stuff from dreamweaver to Wappler. My old site used an access database and the password field was simply of the type “password”. My new site will use a MySQL database so I’m curious what is used for the data type and how to make that compatible with my wappler php site?

A varchar table will work for passwords.

1 Like

Yes, I always use varchar.

I’m going to bring up the CHAR string type. The red-headed stepchild of databases.

Char is a fixed-length type whereas VARCHAR is a variable length type.
A person’s last name can vary in length. For instance Smith and Vanwooten have different lengths.
Using the U.S. State abbreviations, it would be fixed length. For instance, OH, MI, NC, FL all are 2 characters in length.

SHA-1 creates a result that is 40 characters in length.
SHA-256 is 64 characters in length.
SHA-512 is 128 characters in length.

So if you were using SHA-512, you could use CHAR(128).

CHAR was made specifically for fixed-length string types and varchar for variable length string types. Since the results of the hashed password is always the same for whichever hashing function you choose (SHA-1 - SHA-512), then CHAR makes sense.

The other benefit is that using CHAR appropriately means that you can see what is going on easier by glancing at the database. (Or someone else can.) If I see address_state using CHAR(2), then I know what is in that field without having to look. If I see address_state using VARCHAR, then I know it is using the names spelled out.

In terms of speed, CHAR can be faster from an indexing and adding perspective. This is because it already knows how long it is without having to search to the end of the record. VARCHAR, on the other hand, is better on space only when there are variable lengths.

1 Like

hmm ok. When does sha-? come into play? I’ve been doing this with dreamweaver and an access database for 10 years so I’m accustomed to making a login page and just pointing it at the password field. I’m assuming these are hashing methods to hide the data but is it done in the database or the page?

Yes, storing passwords in plain text is madness, so many hackers around. Sha256 encryption is set at the server connect end and is really easy to use.
Take a look at.

1 Like

Wow, this (and the other content here) is really helpful. Thanks

1 Like