|Hello Justin or Anybody else | |> Store an MD5 of the password, that way you're comparing the two hashes, |not |> two passwords... even if someone stumbles into your database, they'll |only |> see the MD5'd password. A further step would be encryption, on which |you |> will have to do a LOT of reading.
On Jun 26, 2003, "[EMAIL PROTECTED]" claimed that: |Just out of curiosity how can you pass an md5 hash to a database like |mysql as password? Taking mysql as an example I would say you need to pass |the pwd in clearform since mysql will probably do a hash to it to compare |it to its internal rights db. Or is there a feature that tells mysql upon |connection that the pwd is allready hashed? |I mean storing the hash as the password doesn't resolve the conflict since |then you have the clear password in the file again. |So how can this be done? | |Regards |Stefan Langer | http://www.php.net/md5 Set the column type of password to be a char(32). Then, pass the password through md5 to mysql to store it. To verify it, pass the password through md5 then compare it to what's in the database. "one should not increase, beyond what is necessary, the number of entities required to explain anything." -- Registered Linux user #304026. "lynx -source http://jharris.rallycentral.us/jharris.asc | gpg --import" Key fingerprint = 52FC 20BD 025A 8C13 5FC6 68C6 9CF9 46C2 B089 0FED Responses to this message should conform to RFC 1855. pi="May I have a large container of coffee? Thank you." -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
