Thread: note 70019 added to function.md5




note 70019 added to function.md5
user name
2006-09-29 22:47:31
When checking credentials against a database where you keep
passwords hashed it is more secure to create a query with
the password hash instead of the actual password. One reason
is that we don't want the password to show up in clear in
the database query log.

Use: 

$hash = md5($password);
$query = "SELECT * FROM `Users` WHERE `UserId` = '$id'
AND `PasswordHash` = '$hash'";
...

Do not use:

$query = "SELECT * FROM `Users` WHERE `UserId` = '$id'
AND `PasswordHash` = MD5('$password')";
...
----
Server IP: 216.194.113.175
Probable Submitter: 206.169.250.126
----
Manual Page -- http://www.php.net/manual/en/function.md5.php

-- 
PHP Notes Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
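
The note's goal (no clear-text password in the query log) taken one step further, as an added example that is not part of the original note or of the PHP manual: the query binds only the user id, and the hash comparison happens in PHP. Assumptions: PHP 5.6 or later with pdo_sqlite, an in-memory database with constructed sample data, the note's `Users` / `UserId` / `PasswordHash` names, and password_hash()/password_verify() swapped in for plain md5(), with existing MD5 rows upgraded on the next successful login.

```php
<?php
// Added example, not code from the original note. Assumptions: PDO with an
// in-memory SQLite database; Users, UserId, PasswordHash follow the note.

function checkCredentials(PDO $db, $id, $password)
{
    // Only the user id is sent to the database, as a bound parameter. The
    // password is never part of the SQL text, so it cannot reach a query log.
    $stmt = $db->prepare('SELECT PasswordHash FROM Users WHERE UserId = :id');
    $stmt->execute([':id' => $id]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }

    // Legacy row: 32 hex characters is an unsalted MD5 hash as in the note.
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        $ok = hash_equals($stored, md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }

    // On success, replace a legacy or outdated hash with the current default.
    if ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE Users SET PasswordHash = :h WHERE UserId = :id');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':id' => $id]);
    }
    return $ok;
}

// Constructed sample data: two rows that still hold legacy MD5 hashes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (UserId TEXT PRIMARY KEY, PasswordHash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO Users (UserId, PasswordHash) VALUES (?, ?)');
$ins->execute(['alice', md5('correct horse')]);
$ins->execute(["o'brien", md5('battery staple')]);

var_dump(checkCredentials($db, 'alice', 'wrong guess'));      // wrong password
var_dump(checkCredentials($db, 'alice', 'correct horse'));    // correct; row is rehashed
var_dump(checkCredentials($db, 'alice', 'correct horse'));    // now checked by password_verify()
var_dump(checkCredentials($db, "o'brien", 'battery staple')); // quote in the id is bound as data
```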

note 70019 deleted from function.md5 by bjori
user name
2006-09-30 00:11:00
Note Submitter: sorin dot roiban at usphp dot com
Reason: in docs

----

When checking credentials against a database where you keep
passwords hashed it is more secure to create a query with
the password hash instead of the actual password. One reason
is that we don't want the password to show up in clear in
the database query log.

Use: 

$hash = md5($password);
$query = "SELECT * FROM `Users` WHERE `UserId` = '$id'
AND `PasswordHash` = '$hash'";
...

Do not use:

$query = "SELECT * FROM `Users` WHERE `UserId` = '$id'
AND `PasswordHash` = MD5('$password')";
...
