So I'm setting up my first website with PHP and MySQL. What I want to do is set up a user log-in system that accepts a password string, then checks it against a stored SHA1 hash value within a 'users' table in a database that has only this table (that way the most that could be compromised would be this hash), then logs the user into another MySQL database (that actually contains the data I'm trying to protect; it's intellectual property, so not as crucial as, say, a credit card) using an MD5 hash of the same password, so even if you could get the aforementioned SHA1 hash, it's not as if you could use it to force your way into the main database. My question is: am I leaving any huge gaps? And I'm not sure if this is too much of an issue, but hypothetically, if you knew both hashes for the same string, would it be easier to decrypt? Unless I'm not the first to try this, I wouldn't expect there are tools or methods meant for this, but I thought I'd better ask, couldn't hurt. If I'm being unclear I'd be happy to clarify, but I've only started to code all this out.
Haha, whoops, just realized that you can't specify a user for just one db. So that changes things a bit. Still welcome to general suggestions though.
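Added example (not part of the original post): the hashing scheme described in the question, next to a variant that uses PHP's built-in `password_hash()` / `password_verify()` and a database credential that does not depend on the user's password. The function names and the sample password are constructed for illustration.

```php
<?php
// Added example; function names and the sample password are constructed.

// The scheme as described in the question: an unsalted SHA1 kept in the
// 'users' table and an MD5 of the same password used as the MySQL password.
function described_scheme(string $password): array
{
    return [
        'stored_sha1' => sha1($password), // same input always gives the same digest
        'db_password' => md5($password),  // second digest of the very same secret
    ];
}

// Stored value as a salted, deliberately slow hash instead of a bare digest.
function register_user(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Verification re-derives the hash using the salt embedded in $storedHash.
function check_login(string $password, string $storedHash): bool
{
    return password_verify($password, $storedHash);
}

// Database credential generated at random, unrelated to any user password.
function new_db_credential(): string
{
    return bin2hex(random_bytes(32));
}

$sample = 'constructed-sample-password';

// Both digests are deterministic functions of one password: no salt, so two
// users with the same password get identical rows, and the MySQL password
// can be computed by anyone who knows or recovers the login password.
$first  = described_scheme($sample);
$second = described_scheme($sample);
echo 'unsalted digests repeat: ';
var_dump($first['stored_sha1'] === $second['stored_sha1']);

// password_hash() salts each hash, so the same password stores differently.
$hashA = register_user($sample);
$hashB = register_user($sample);
echo 'salted hashes repeat: ';
var_dump($hashA === $hashB);
echo 'correct password verifies: ';
var_dump(check_login($sample, $hashA));
echo 'wrong password verifies: ';
var_dump(check_login('constructed-wrong-password', $hashA));
```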