Mike Baerwolf wrote:

I'm looking at using md5() and mysql for user auth to some of the data in a table. I found the following on the php md5 manual page,

$query = "INSERT INTO user VALUES ('DummyUser',md5('DummyPassword'))";

$password = md5($password);
$query = "SELECT * FROM user WHERE username='DummyUser' AND password='DummyPassword'";

password = '$password'";

I see that nobody will be able to view the password once it's in the database, but I'm thinking that the plain text password is sent to and from the server and someone might be able to snoop the plain text password. Is that right?

Yes. That's why you use SSL on your login pages.

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to