On 3/10/06, Dusty Bin <lixo@xxxxxxxx> wrote:
> One thing to remember, is that the password function is MySQL's way of
> storing passwords for MySQL use, and that may change from one release of
> MySQL to another. This happened very recently. If you want to store
> application passwords, it is better to use a hash, and be independent of
> MySQL changes. I use sha1 as I believe it *may* be stronger than MD5(I
> am not a cryptographer), so I store my password as:
> $passwordToBeStored = sha1($password);
> and check the password as:
> If(sha1($password) == $storedPassword) {
> ...
> }
> HTH... Dusty
Just a note, I would never compare passwords like that, you should put
sha1($password) in your SQL string as a condition and check to see if
any rows where returned.
-Mike
--
________________________________
Michael E. Crute
http://mike.crute.org
It is a mistake to think you can solve any major problems just with potatoes.
--Douglas Adams
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
