If you have an old website or a web application with some user-base and you have encrypted user passwords with md5, sha1, sha256, etc. With the knowledge about md5 or that, old hashing techniques been compromised with brute force attacks, collision attacks, etc., you are searching for a way to convert your hashing technique to something more secure like bcrypt or crypt_blowfish. This article talks about how to do that.
Joomla is known as one of the most popular open source content management systems (CMS) in business. WordPress, which is another popular CSM, was in the business of providing FREE but restricted hosting for WordPress based sites under WORDPRESS.COM domain. This WordPress service has been known for higher positions in Google page rankings and higher visitor turnarounds.
Recently (actually on January 20, 2015) Joomla has started providing the same service in lesser-restricted way. By providing an option to have a free-hosted website for unlimited time, Joomla aims to become even more popular and substantially increase its user base.
I recently had to develop above feature couple of times in past few weeks. I came across several issues while implementing this feature. Most of these issues did not have any thing do with the programming language I used (i.e. they are not implementation related issues) but had to do with the concept of development (i.e. design issues). As these are concept level issues, I can make this article more abstract and do not have to couple with a programming language I used (PHP). However will show some code segments in PHP + pseudo, which will be very basic and can be easily translated to any other language.
First, I must emphasize that this method is based on one basic idea. “DO NOT PUT USER DATA IN COOKIE”, even in encrypted format. If you are OK with putting some user data in the cookie, because you believe that encryption cannot be broken or the information is useless to an attacker, jump to the “Not Recommended but Easy Solution” section at the end of the article