Hi Thomas,

I noticed you prepared a patch[1] using MySQL's PASSWORD() function.
Please note that this function should *not* be used by applications
besides MySQL itself[2] in addition to not salting the hash.  The crypt
function included in PHP itself[3] with salting and a modern hash like
SHA-512 seems to be a better choice.

Regards,
Ansgar

[1] <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614304#56>
[2] <http://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_password>
[3] <http://php.net/manual/en/function.crypt.php>
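
The approach suggested in the message above, as an added example that is not part of the original mail or of the patch it discusses: hashing with PHP's crypt() using the SHA-512 scheme and a per-password random salt, then verifying against the stored string. The function names, the round count and the sample password are assumptions chosen for illustration.

```php
<?php
// Added illustration; hash_password() and verify_password() are hypothetical
// names, not taken from the patch under discussion.

// Hash a password with SHA-512 crypt (the "$6$" scheme) and a fresh random salt.
function hash_password(string $password): string
{
    // 16 hex characters stay within the crypt salt alphabet [./0-9A-Za-z]
    // and fill the 16-character salt that SHA-512 crypt accepts.
    $salt = bin2hex(random_bytes(8));
    $hash = crypt($password, '$6$rounds=5000$' . $salt . '$');

    // On failure crypt() returns a short error string instead of a hash,
    // so check that the result really is a "$6$" hash before storing it.
    if (strlen($hash) < 20 || strncmp($hash, '$6$', 3) !== 0) {
        throw new RuntimeException('SHA-512 crypt is not available');
    }
    return $hash;
}

// Verify by re-hashing the candidate with the stored string as the setting
// (it carries scheme, rounds and salt) and comparing in constant time.
function verify_password(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

// Constructed sample input: the same password hashed twice.
$first  = hash_password('correct horse');
$second = hash_password('correct horse');

// Because each call draws its own salt, equal passwords do not share a hash,
// which is the property an unsalted function cannot give.
var_dump($first !== $second);

// The stored string alone is enough to check a later login attempt.
var_dump(verify_password('correct horse', $first));
var_dump(verify_password('wrong guess', $first));
```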


