79608059

Date: 2025-05-06 06:04:47
Score: 2.5

First of all, bcrypt is a simple encryption, a one-way hash, and it is a bad standard to store bcrypt-encrypted data in a PHP session.

Secondly, PHP can write to a config file, but it is risky due to future deployments and race conditions.

Solution: Store all of the database credentials using a strong symmetric cryptography algorithm like AES-256 with GCM, CTR, CFB or OFB mode. ECB mode is not secure and CBC mode can lead to oracle padding attacks.

Read more here -

Block chaining modes to avoid

How to choose an AES encryption mode (CBC ECB CTR OCB CFB)?

Reasons:
  • No code block (0.5):
  • Ends in question mark (2):
Posted by: Abdul Alim Shakir
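
The AES-256-GCM storage recommended in the answer above, as an added example that is not part of the original post. GCM is the one mode in the answer's list that also authenticates the ciphertext, so a modified blob is rejected on decryption. Assumptions: the function names, the `db-config-v1` label and the sample credentials are hypothetical, and the key is generated in place here where a deployment would load it from a secret store outside the code.

```php
<?php
declare(strict_types=1);
// Added example; function names and sample values are hypothetical.
const CRED_CIPHER = 'aes-256-gcm';

function encryptCredentials(array $creds, string $key, string $aad): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('AES-256 needs a 32-byte key');
    }
    $iv = random_bytes(12); // 96-bit nonce, never reused under one key
    $tag = '';
    $json = json_encode($creds, JSON_THROW_ON_ERROR);
    $ct = openssl_encrypt($json, CRED_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct); // nonce || tag || ciphertext
}

function decryptCredentials(string $blob, string $key, string $aad): array
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed blob');
    }
    // openssl_decrypt returns false when the GCM tag does not verify
    $pt = openssl_decrypt(substr($raw, 28), CRED_CIPHER, $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16), $aad);
    if ($pt === false) {
        throw new RuntimeException('authentication failed');
    }
    return json_decode($pt, true, 512, JSON_THROW_ON_ERROR);
}

// Constructed demo input. Assumption: the real key comes from a secret store.
$key = random_bytes(32);
$aad = 'db-config-v1'; // binds the blob to its purpose
$blob = encryptCredentials(['user' => 'app_rw', 'pass' => 'example-only'], $key, $aad);
var_dump(decryptCredentials($blob, $key, $aad)['user'] === 'app_rw');

$raw = base64_decode($blob);
$raw[30] = chr(ord($raw[30]) ^ 1); // flip one ciphertext bit
try {
    decryptCredentials(base64_encode($raw), $key, $aad);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```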