Hi all, I am new to PHP and MySQL things, but one thing is making me fussy while I look at Twitter apps. Many such apps request our Twitter username and password, which they again require for use in PHP for sending tweets, following, unfollowing or anything else. I am quite sure you cannot use a SHA function to save passwords in the DB, as the passwords need to be the original Twitter passwords which we use to log in. If we save them in raw format, any web hosting person, like a DB admin, can steal everything. Any idea how they do it? Thanks in advance.
Well, obviously they either save it in plain text or they use mcrypt before saving it to the DB. However, even mcrypt wouldn't quite work at protecting it, since if the hacker can also read the PHP files on the server he'll know what the decryption key is. In short, yes, don't give your password on sites that request it. Twitter made OAuth available some time ago to combat this, and it's the preferred method of authentication.
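The trade-off discussed in this thread, as an added example that is not part of either post: a one-way hash cannot be replayed to a third-party service, while reversible encryption only protects the stored value for as long as the key stays out of reach. It uses PHP's bundled libsodium functions in place of mcrypt (which was removed from PHP in 7.2); the function names, the sample password and the keys are all constructed for illustration.

```php
<?php
// Added example: all names and values below are constructed for illustration.
declare(strict_types=1);

// Reversible encryption of a stored credential (libsodium secretbox).
function encrypt_credential(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

// Returns the plaintext, or null if the value is malformed or the key is wrong.
function decrypt_credential(string $stored, string $key): ?string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(
        substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key
    );
    return $plain === false ? null : $plain;
}

$password = 'constructed-sample-password';

// 1. A one-way hash can check a guess, but it cannot be sent to Twitter
//    as a login, which is why these apps cannot simply hash the password.
$hash = password_hash($password, PASSWORD_DEFAULT);
var_dump(password_verify($password, $hash));

// 2. Reversible encryption: the app needs the key at runtime, so the key
//    lives in a file or environment the PHP process can read.
$appKey = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES); // stands in for the key in config
$dbRow  = encrypt_credential($password, $appKey);

// Database dump only (no key): authentication fails and nothing is recovered.
$otherKey = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
var_dump(decrypt_credential($dbRow, $otherKey));

// Database dump plus read access to the app's key: the password is recovered.
var_dump(decrypt_credential($dbRow, $appKey) === $password);
```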