On 3/10/06, Dusty Bin <[EMAIL PROTECTED]> wrote:
> One thing to remember, is that the password function is MySQL's way of
> storing passwords for MySQL use, and that may change from one release of
> MySQL to another.  This happened very recently.  If you want to store
> application passwords, it is better to use a hash, and be independent of
> MySQL changes.  I use sha1 as I believe it *may* be stronger than MD5(I
> am not a cryptographer), so I store my password as:
>        $passwordToBeStored = sha1($password);
> and check the password as:
>        If(sha1($password) == $storedPassword) {
>                ...
>        }
> HTH... Dusty

Just a note, I would never compare passwords like that, you should put
sha1($password) in your SQL string as a condition and check to see if
any rows where returned.


Michael E. Crute

It is a mistake to think you can solve any major problems just with potatoes.
--Douglas Adams

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to