Re: Password encryption

Sun, 10 Jun 2001 20:02:21 -0700 

Unfortunately not.  I devised this method myself.  What I did was used php's
random function to first select a length for the string and then select a
random number between 1 and 62.  If the number was between 1 and 10, add the
corresponding character between 0 and 9, between 11 and 36, a capital letter
and then small letter of numbers above 37.

When a user logs in, it generates this random char string and inserts it
into a table in the database.  When the user goes to a new page, it uses
this string to obtain that user's details.  I also have a timestamp field so
that, if the user hasn't done anything for some time, they will have to log
back in.  This is incase they forget to log out.

This random char string must be unique.  I don't have a check for this as I
have a very small user base but if it was larger, I'd have to check if this
string is unique and generate a new one if it wasn't.


----- Original Message -----
From: "WCBaker" <[EMAIL PROTECTED]>
To: "Rolf Hopkins" <[EMAIL PROTECTED]>; "MySQL"
<[EMAIL PROTECTED]>
Sent: Monday, June 11, 2001 8:31
Subject: Re: Password encryption


>
> Hi!
>
> Could you point us in the direction of a  description of/code for   the
way
> you devised to create a random char string passed to the next page?
>
> Much appreciated,
>
> -Warren
>
>
> > Well, if you're using web pages, I've never thought much of passwords
> being
> > passed from one page to the next.  Too much at risk of being "sniffed"
out
> > each time a page is submitted to the server.  I devised a way that
creates
> a
> > random char string which changes each time a user logs on  and that gets
> > passed to the next page instead of the password itself.
> >
> > Other than that, I don't think I can be much more help.
> >
>


---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Reply via email to