On 3/10/06, Micah Stevens <micah@xxxxxxxxxxxxxxxxxx> wrote:
> On Friday 10 March 2006 7:09 am, Michael Crute wrote:
> > On 3/10/06, Dusty Bin <lixo@xxxxxxxx> wrote:
> > > One thing to remember, is that the password function is MySQL's way of
> > > storing passwords for MySQL use, and that may change from one release of
> > > MySQL to another. This happened very recently. If you want to store
> > > application passwords, it is better to use a hash, and be independent of
> > > MySQL changes. I use sha1 as I believe it *may* be stronger than MD5 (I
> > > am not a cryptographer), so I store my password as:
> > > $passwordToBeStored = sha1($password);
> > > and check the password as:
> > > If(sha1($password) == $storedPassword) {
> > > ...
> > > }
> > > HTH... Dusty
> >
> > Just a note, I would never compare passwords like that, you should put
> > sha1($password) in your SQL string as a condition and check to see if
> > any rows were returned.
> >
> > -Mike
>
> It doesn't matter if you have an SSL link to the database. :)

Indeed, but why bother with transferring and loading a resultset if you
have no need for it?

-Mike

--
________________________________
Michael E. Crute
http://mike.crute.org

It is a mistake to think you can solve any major problems just with potatoes.
--Douglas Adams
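
Added example, not part of the original thread: the two checks discussed above (compare in PHP after fetching the hash, or put the hash in the WHERE clause and count rows), plus a salted hash via PHP's password_hash(), which can only be verified after fetching. The table, column and user names are hypothetical and the row is constructed; it assumes the pdo_sqlite extension.

```php
<?php
// Added example: schema, user name and password below are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_sha1 TEXT, pw_hash TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
$ins->execute(['dusty', sha1('s3cret'), password_hash('s3cret', PASSWORD_DEFAULT)]);

// Check 1: fetch the stored sha1 and compare in PHP.
function checkInPhp(PDO $db, string $user, string $password): bool
{
    $st = $db->prepare('SELECT pw_sha1 FROM users WHERE username = ?');
    $st->execute([$user]);
    $stored = $st->fetchColumn();          // false when no such user
    // hash_equals() is a strict, constant-time string comparison. With ==,
    // two hex strings of the form "0e<digits>" compare equal as numbers.
    return is_string($stored) && hash_equals($stored, sha1($password));
}

// Check 2: hash goes into the WHERE clause; only a row count comes back.
function checkInSql(PDO $db, string $user, string $password): bool
{
    $st = $db->prepare(
        'SELECT COUNT(*) FROM users WHERE username = ? AND pw_sha1 = ?'
    );
    $st->execute([$user, sha1($password)]);
    return (int) $st->fetchColumn() === 1;
}

// Check 3: salted hash. The salt lives inside the stored value, so the
// application cannot recompute it for a WHERE clause; it must fetch the
// row and call password_verify().
function checkSalted(PDO $db, string $user, string $password): bool
{
    $st = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $st->execute([$user]);
    $stored = $st->fetchColumn();
    return is_string($stored) && password_verify($password, $stored);
}

foreach (['s3cret', 'wrong'] as $try) {
    printf("%-7s php=%d sql=%d salted=%d\n", $try,
        checkInPhp($db, 'dusty', $try),
        checkInSql($db, 'dusty', $try),
        checkSalted($db, 'dusty', $try));
}
```

All three queries bind the user name and hash as parameters, so neither value is concatenated into the SQL string.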