Re: Storing password in cookie

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Richard Lynch wrote:
On Sat, April 9, 2005 11:51 am, trlists@xxxxxxxxxx said:
*WHY* would you not store some kind of hash of the user ID?!
setcookie('remember_me', md5($username));
.
.
.
select username from users where md5(username) = $_SESSION['remember_me']
Is that really any harder?

It's very hard on the database. With no other where clauses to restrict the results set, the database will have to run the md5 routines on every username in the table.


For better performance, you should also store something like a record id that you can use...

select username from users where recid = $_SESSION['userid'] and md5(username) = $_SESSION['remember_me']

Any query optimizer worth its salt will first filter based on the record ID and then only apply the md5 function to the remaining (1 in this case) usernames.
--
D. Wokan


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux