2009/4/21 Andrew Ballard <aball...@gmail.com>:
> On Tue, Apr 21, 2009 at 8:34 AM, Grega Leskovsek <mavri...@gmail.com> wrote:
>> provided I want to store hash of a password in MySQL ... Using MySQL,
>> the whole check can be achieved with a SQL query, since the MD5
>> function is provided as part of the database query language ...
>> Can I use also SHA1 or must I use MD5?
>>
>> Thanks in advance,
>>
>> --
>> When the sun rises I receive and when it sets I forgive ->
>> http://users.skavt.net/~gleskovs/
>> All the Love, Grega Leskov'sek
>>
>
> I would encode the value in PHP and pass the hash to MySQL rather than
> passing the password in open text as part of the query and letting
> MySQL calculate the hash. That way the sensitive data has already been
> hashed and you don't have to worry about whether the communication
> between PHP and MySQL travels over an unencrypted network connection
> -- now or in the future.

Well, it's a point. But considering that in most setups the database server is only accessible in a local subnet or is only listening on the loopback device of the same server hosting the webserver, you need not think about someone sniffing your traffic. A web application that uses an external db server would be quite ... uhm... slow! Has anyone done this yet? ;)

I'm using md5()/sha1() in several stored procedures and I feel quite safe with it.

Regards

>
> Andrew
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
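
The two approaches discussed in this thread, side by side, as an added example that is not code from any of the posters: the SQL-side check hands the plaintext password to the database, the PHP-side check hands it only the digest. The `users` table, its columns, the sample account, the `run()` helper and the in-memory SQLite database standing in for MySQL (with `SHA1()` registered by hand) are assumptions made so the script runs offline.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so this runs offline;
// MySQL ships SHA1()/MD5() built in, here SHA1() is registered by hand.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->sqliteCreateFunction('SHA1', 'sha1', 1);

// Hypothetical schema and constructed sample account.
$db->exec('CREATE TABLE users (login TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')->execute(['grega', sha1('s3cret-sample')]);

// Records every value handed to the database driver, i.e. what would
// cross the PHP <-> MySQL connection.
$sent = [];
function run(PDO $db, string $sql, array $params): PDOStatement {
    global $sent;
    $sent[] = ['sql' => $sql, 'params' => $params];
    $st = $db->prepare($sql);
    $st->execute($params);
    return $st;
}

// Variant from the original question: the database computes the hash,
// so the plaintext password is one of the values sent to it.
function checkInDatabase(PDO $db, string $login, string $password): bool {
    $sql = 'SELECT 1 FROM users WHERE login = ? AND pw_hash = SHA1(?)';
    return run($db, $sql, [$login, $password])->fetchColumn() !== false;
}

// Variant from the reply: PHP computes the hash, only the digest is sent.
function checkInPhp(PDO $db, string $login, string $password): bool {
    $sql = 'SELECT 1 FROM users WHERE login = ? AND pw_hash = ?';
    return run($db, $sql, [$login, sha1($password)])->fetchColumn() !== false;
}

var_dump(checkInDatabase($db, 'grega', 's3cret-sample'));
var_dump(checkInPhp($db, 'grega', 's3cret-sample'));
var_dump(checkInPhp($db, 'grega', 'wrong'));

// Report, per query, whether the plaintext was among the values sent.
foreach ($sent as $i => $q) {
    $leaks = in_array('s3cret-sample', $q['params'], true) ? 'plaintext sent' : 'digest only';
    echo "query $i: $leaks\n";
}
```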