CodeIgniter - Using TCPDF and PHPass causing headaches with generating PDFs


I've got a CodeIgniter app that is an extension of the old phone directory the company used to send to employees. People want to print it out, so they had me create a method of "printing" that's a bit more robust than simple HTML to paper. The app has the user download a PDF. However, they didn't want the PDF to be readable, so they had me password protect the PDF with the user's password. This worked fine in the world of terrible security (storing the raw password in the database)...

Now, though, I've implemented PHPass to hash passwords, and it breaks the PDF generation portion. When using $this->pdf->SetProtection in CodeIgniter, the only thing I can pass in is the hash. Of course, this will not match what the user is trying to type in after the PDF is downloaded.

Has anyone had success modifying how the PDF processes passwords before checking what's provided in the PDF? So far the only solution I've come up with is to ask them to enter their password again before the download, but I'd like to avoid that step. Please let me know if you need more to go on. Thanks!

What you are trying to do is impossible. The purpose of hashing is to prevent what you are doing. Hashes are a one-way algorithm, meaning that once the password has been hashed with PHPass you can't obtain the original password without a dictionary attack or hash table.

There are a few alternatives that would allow you to implement this, with varying levels of security.

New password

The most secure, as you said, is to have the user enter a new password when they download the PDF, which is passed to TCPDF.

Cache password

Another alternative, which is less secure, is to cache the user's plain-text password in the CodeIgniter or PHP session on login. You can then use the password stored in the session later on when you need to add the password to the PDF. Use the PHP session and not CodeIgniter's, because CodeIgniter stores session userdata in a plain-text JSON array in the sessions table of the database, while PHP does not.

    function loginHasCompleted() {
        // Keep the plain-text password in the native PHP session for later use with the PDF
        $_SESSION['password'] = $_POST['password'];
    }

Encrypt password

You can encrypt the password in the database instead of hashing it. By encrypting with AES-256, you can decrypt the password again for use in PDF generation. This does pose security concerns, because if an attacker obtained the AES key used to encrypt the passwords, said attacker would be able to decrypt all of the passwords as if they were plain text. It's more secure than plain-text passwords, as the attacker would need to obtain both the database and the hard-coded key in the source code, but it is still a concern.
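
The first alternative above (asking for the password at download time), as an added example that is not part of the original question or answer: the submitted password is checked against the stored PHPass hash and, only for that request, handed to TCPDF. The file paths, the helper name `build_protected_pdf`, the hasher settings and the model call in the usage comment are assumptions.

```php
<?php
// Added example, not code from the original post or answer.
// Assumed paths to phpass (PasswordHash.php) and TCPDF (tcpdf.php).
require_once 'PasswordHash.php';
require_once 'tcpdf/tcpdf.php';

/**
 * Hypothetical helper: returns the protected PDF as a string, or null when
 * the submitted password does not match the stored phpass hash.
 */
function build_protected_pdf($enteredPassword, $storedHash, $html)
{
    // Cost 8 and portable=false are assumed values.
    $hasher = new PasswordHash(8, false);

    // Verify the submitted password against the hash. The hash itself can
    // never serve as the PDF password, so the plain text must come from the
    // user at this point and is not written to the session or database.
    if (!$hasher->CheckPassword($enteredPassword, $storedHash)) {
        return null;
    }

    $pdf = new TCPDF();
    // The first argument lists the permissions to block; 'print' is left
    // out so the directory can still be printed. Mode 3 selects AES-256
    // (modes 0 and 1 are RC4). A null owner password makes TCPDF pick a
    // random one.
    $pdf->SetProtection(array('modify', 'copy', 'extract'), $enteredPassword, null, 3);
    $pdf->AddPage();
    $pdf->writeHTML($html);

    // 'S' returns the document as a string instead of sending it.
    return $pdf->Output('directory.pdf', 'S');
}

// Usage inside a CodeIgniter controller action (the model call is hypothetical):
// $hash = $this->user_model->get_password_hash($userId);
// $pdf  = build_protected_pdf($this->input->post('password'), $hash, $html);
// if ($pdf === null) { show_error('Wrong password', 403); }
```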

