On Tue, Apr 21, 2009 at 8:34 AM, Grega Leskovsek <mavri...@gmail.com> wrote:
> provided I want to store hash of a password in MySQL ... Using MySQL,
> the whole check can be achieved with a SQL query, since the MD5
> function is provided as part of the database query language ...
> Can I use also SHA1 or must I use MD5?
> Thanks in advance,
> --
> When the sun rises I receive and when it sets I forgive ->
> http://users.skavt.net/~gleskovs/
> All the Love, Grega Leskov'sek

I would encode the value in PHP and pass the hash to MySQL rather than
passing the password in open text as part of the query and letting
MySQL calculate the hash. That way the sensitive data has already been
hashed and you don't have to worry about whether the communication
between PHP and MySQL travels over an unencrypted network connection
-- now or in the future.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to