Andrew Ballard wrote: > On Tue, Apr 21, 2009 at 8:34 AM, Grega Leskovsek <mavricek@xxxxxxxxx> wrote: >> provided I want to store hash of a password in MySQL ... Using MySQL, >> the whole check can be achieved with a SQL query, since the MD5 >> function is provided as part of the database query language ... >> Can I use also SHA1 or must I use MD5? >> >> Thanks in advance, >> >> -- >> When the sun rises I receive and when it sets I forgive -> >> http://users.skavt.net/~gleskovs/ >> All the Love, Grega Leskov'sek >> > > I would encode the value in PHP and pass the hash to MySQL rather than > passing the password in open text as part of the query and letting > MySQL calculate the hash. That way the sensitive data has already been > hashed and you don't have to worry about whether the communication > between PHP and MySQL travels over an unencrypted network connection > -- now or in the future. > > Andrew In addition, you don't want the password showing up in a general query log for the server. -- Micah -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
