From: "Raditha Dissanayake" <[EMAIL PROTECTED]> > >Oh, and this will do almost NOTHING to make your site more secure. Why do > >you think it will? > > You are partly right about this we had a nice flame war about this very > issue couple of weeks ago on the jabber lists. Anyone interested in the > nitty gritty can google on the jabber archives. I still use the > password() function whenever i can cause i only have to type in about 10 > keystrokes anyhow, the reason is that it will keep other users of the > database from accidentaly seeing passwords that they shouldn't. Since > this is one way hashes it cannot be decoded. Almost any argument that > applies for/against /etc/password would apply to mysql password() as well.
True, true. I actually use MD5() for the same reason, but, really, if someone has access to the database to read the hashes, odds are they have access to the rest of the database and your code. So what are you protecting really? In my eyes, it's just another tool to keep honest people honest... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
