Hello Justin or Anybody else > Store an MD5 of the password, that way you're comparing the two hashes, not > two passwords... even if someone stumbles into your database, they'll only > see the MD5'd password. A further step would be encryption, on which you > will have to do a LOT of reading. Just out of curiosity how can you pass an md5 hash to a database like mysql as password? Taking mysql as an example I would say you need to pass the pwd in clearform since mysql will probably do a hash to it to compare it to its internal rights db. Or is there a feature that tells mysql upon connection that the pwd is allready hashed? I mean storing the hash as the password doesn't resolve the conflict since then you have the clear password in the file again. So how can this be done?
Regards Stefan Langer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
