"Aaron Todd" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> I have developed a PHP based site that requires users to log in.  Their
> login information is kept in a MySQL database.  Currently, I am using an IF
> statement to verify what the user enters as their password with what is in
> the database.  If they are the same, a session is created and they have
> access to the content of the site.
>
> As far as I know the password is being sent to the script in clear text and
> I was wondering what a good way would be to get this to be encrypted.  My
> first thought is to encrypt the password in the database using crypt().  So
> if I view the table I will see the encrypted characters.  Then change the IF
> statement to encrypt the password that the user enters and then just check
> if it's the same as what is in the database.  That sounds like the same as I
> am doing now, only instead of checking a password that is a name, it's
> checking the encrypted characters of the name.
>
> So it seems my idea would hide the real characters.
>
> Can anyone tell me if this is a bad idea?  And maybe point me toward a good
> one.
>
> Thanks,
>
> Aaron

Hi Aaron,

Encrypting passwords in the database is generally a good idea. You can use
md5() as an alternative to crypt(). MySQL itself has an MD5 function you can
directly use in your SQL statements.

Regards, Torsten Roehr


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
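
The flow described in the question (store only a hash, hash what the user enters at login, compare), as an added example that is not part of the original thread. It uses PHP's password_hash() and password_verify(), which wrap crypt() with a random per-user salt; the in-memory `$users` array and the function names are assumptions standing in for the MySQL table and the site's own code. Hashing the stored value does not change how the password travels from the browser to the script, which is a matter of serving the login form over HTTPS.

```php
<?php
// Constructed stand-in for the MySQL users table: name => stored hash.
$users = [];

// Hash of a throwaway value, verified against when the user name is unknown
// so that "no such user" and "wrong password" take similar time.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_BCRYPT));

// Registration: store only the salted hash, never the password itself.
function register_user(array &$users, string $name, string $password): void
{
    // The returned string embeds algorithm, cost and a random salt,
    // so two users with the same password get different hashes.
    $users[$name] = password_hash($password, PASSWORD_BCRYPT);
}

// Login: re-hash the entered password with the stored salt and compare.
function check_login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    $stored = $users[$name];

    // Same check as hash_equals($stored, crypt($password, $stored)),
    // done with a timing-safe comparison.
    if (!password_verify($password, $stored)) {
        return false;
    }

    // Upgrade the stored hash transparently if the cost settings change later.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT)) {
        $users[$name] = password_hash($password, PASSWORD_BCRYPT);
    }
    return true;
}

// Constructed sample data.
register_user($users, 'aaron', 'correct horse');
register_user($users, 'torsten', 'correct horse');

var_dump(check_login($users, 'aaron', 'correct horse'));   // correct password
var_dump(check_login($users, 'aaron', 'wrong guess'));     // wrong password
var_dump(check_login($users, 'nobody', 'correct horse'));  // unknown user
var_dump($users['aaron'] === $users['torsten']);           // same password, different salts
var_dump(hash_equals($users['aaron'], crypt('correct horse', $users['aaron'])));
```

Because the salt is random, hashing the entered password on its own and comparing strings will not match the stored value; the stored hash has to be passed back in as the salt, which is what password_verify() does.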
