On Friday 10 March 2006 7:09 am, Michael Crute wrote:
> On 3/10/06, Dusty Bin <lixo@xxxxxxxx> wrote:
> > One thing to remember, is that the password function is MySQL's way of
> > storing passwords for MySQL use, and that may change from one release of
> > MySQL to another. This happened very recently. If you want to store
> > application passwords, it is better to use a hash, and be independent of
> > MySQL changes. I use sha1 as I believe it *may* be stronger than MD5 (I
> > am not a cryptographer), so I store my password as:
> > $passwordToBeStored = sha1($password);
> > and check the password as:
> > If(sha1($password) == $storedPassword) {
> > ...
> > }
> > HTH... Dusty
>
> Just a note, I would never compare passwords like that, you should put
> sha1($password) in your SQL string as a condition and check to see if
> any rows were returned.
>
> -Mike

It doesn't matter if you have an SSL link to the database. :)

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
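Added example, not part of any message in this thread: one way to keep application passwords independent of MySQL's own password function, as the thread suggests, using PHP's built-in `password_hash()` and `password_verify()` and upgrading rows that still hold the bare `sha1()` format shown above at the next successful login. The `users` table, `store()` and `login()` are hypothetical names, and an in-memory SQLite database stands in for MySQL so the code runs offline.

```php
<?php
declare(strict_types=1);
// Added example; table and function names are hypothetical, credentials are constructed.
// Assumes the pdo_sqlite extension is loaded.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

function store(PDO $db, string $name, string $password): void
{
    // password_hash() generates a random salt and records algorithm and cost in its output.
    $stmt = $db->prepare('INSERT OR REPLACE INTO users (name, pw_hash) VALUES (?, ?)');
    $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $db, string $name, string $password): bool
{
    // Bound parameter: the user-supplied name is never concatenated into the SQL string.
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }
    // A 40-character hex string is treated as a legacy unsalted sha1() value.
    $legacy = strlen($stored) === 40 && ctype_xdigit($stored);
    $ok = $legacy
        ? hash_equals($stored, sha1($password)) // constant-time, strict string comparison
        : password_verify($password, $stored);
    if (!$ok) {
        return false;
    }
    // Upgrade legacy rows, and rows hashed with an outdated algorithm or cost.
    if ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        store($db, $name, $password);
    }
    return true;
}

store($db, 'dusty', 'correct horse');
$db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)')
   ->execute(['mike', sha1('old secret')]); // row in the legacy sha1() format

var_dump(login($db, 'dusty', 'correct horse'));
var_dump(login($db, 'dusty', 'wrong guess'));
var_dump(login($db, 'mike', 'old secret'));
$after = $db->query("SELECT pw_hash FROM users WHERE name = 'mike'")->fetchColumn();
var_dump(strlen($after) === 40); // whether mike's row is still in the legacy format
```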