On 4/18/06, Sean Mumford <[EMAIL PROTECTED]> wrote:
> Hi Guys,
> I'm working on securing user passwords in a MySQL 4 database with a PHP5
> frontend. I remember being told in one of my classes (I'm currently a
> college junior) that the best way would be to hash a salt and the password
> together and then store the hash in the database instead of the plain MD5
> hash. My question is, what is a good method for the server and the database
> to agree on a salt value to use? I know i could use a predefined variable,
> but I was wondering if something dynamic might be better (timestamp, current
> date, something like that). Any ideas? Thanks in advance!

If it's a dynamic salt, how are you going to access it when you have
to compare ?

There was an article either on phpsec.org or shiflett.org which talks
about this.. can't find the link right now :(

Postgresql & php tutorials

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to