> -----Original Message-----
> From: Fergus Gibson [mailto:news@xxxxxxxxxx]
> Sent: Monday, 19 February 2007 12:01
> To: php-general@xxxxxxxxxxxxx
> Subject: Re: Securing user table with sha function
>
> Tim wrote:
> > Now moving on into other aspects of security :P I was thinking of a
> > way to secure my login inputs the best way possible.
> [...]
>
> Maybe I'm missing something, but why not simply inspect and
> clean input to ensure that it's always properly escaped and
> safe to send to your database? It seems to me that's the
> most sensible way to address SQL injection.

Yes, I agree partially; an error in the "cleaning" algo could easily open up to injection. There are so many "workarounds" to standard input filtering; how to catch them all?

> Hashing the data in your database has drawbacks, and anyway,
> do you want them to see even hashed data? I sure don't.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php