2009/4/21 Andrew Ballard <aballard@xxxxxxxxx>: > On Tue, Apr 21, 2009 at 8:34 AM, Grega Leskovsek <mavricek@xxxxxxxxx> wrote: >> provided I want to store hash of a password in MySQL ... Using MySQL, >> the whole check can be achieved with a SQL query, since the MD5 >> function is provided as part of the database query language ... >> Can I use also SHA1 or must I use MD5? >> >> Thanks in advance, >> >> -- >> When the sun rises I receive and when it sets I forgive -> >> http://users.skavt.net/~gleskovs/ >> All the Love, Grega Leskov'sek >> > > I would encode the value in PHP and pass the hash to MySQL rather than > passing the password in open text as part of the query and letting > MySQL calculate the hash. That way the sensitive data has already been > hashed and you don't have to worry about whether the communication > between PHP and MySQL travels over an unencrypted network connection > -- now or in the future. Well, It's a point. But regarding that in most setups the database server is only accessible in a local subnet or is only listening on the loopback device of the same server hosting the webserver, you must not think about someone sniffing your traffic. A web application that uses an external db server would be quite ... uhm... slow! Anyone did this, yet? ;) I'm using md5()/sha1() in several stored procedures and I feel quite safe with it. Regards > > Andrew > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
