Hah.. Because I figured it wouldn't be an accepted solution by "real
security" people. :) I've used it too. Also used the md5_file()
function to create a duplicate file scanner for my home PC.
The only problem with using MD5 or another one-way solution on a general
site that doesn't require super-security is that when people forget
their password, you have to do a "Click this to reset your password",
have it reset to something random, then have them change it when they
log in. There's no "Send me my password" ability, which I find kind of
useful on general sites that make you log in (free registration and
As for why you're in the direct mail.. I don't know. I just did "Reply
all" to the original question and you must have been in it. :)
Just enjoy the love and stop complaining. Hah.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 18, 2004 12:15 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [PHP-DB] password encryption
> Quoting "Gryffyn, Trevor" <[EMAIL PROTECTED]>:
> > If you want to be cheesy, you can also use something like
> an MD5 has on
> > "dog" and get whatever it gets.... Then every time someone
> enters "dog"
> > it always ends up with the same MD5 hash.
> How is using MD5 cheesy? I've implemented exactly that
> solution a number of times. Admittedly, only for a very
> small site, mainly as the 'site content update' password.
> ps. and on another note, why am I in the list of direct
> addressees here?
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php