I'm looking at using md5() and mysql for user auth to some of the data in a table. I found the following on the php md5 manual page,

$query = "INSERT INTO user VALUES ('DummyUser',md5('DummyPassword'))";

$password = md5($password);
$query = "SELECT * FROM user WHERE username='DummyUser' AND password='DummyPassword'";

I see that nobody will be able to view the password once it's in the database, but I'm thinking that the plain text password is sent to and from the server and someone might be able to snoop the plain text password. Is that right?

Thanks for the help,

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to