On Wed, Jul 8, 2009 at 9:48 AM, Martin Scotta<martinsco...@gmail.com> wrote:
> $sql = 'SELECT * FROM your-table WHERE username = \''. $username .'\'
> and passwd = md5( concat( \'' . $username .'\', \'@\', \'' . $password
> .'\'))';
> I use this solution because md5 run faster in Mysql
> --
> Martin Scotta

If you were running a loop to build a rainbow table or brute-force a
password, I could see where that would matter. For authenticating a
single user it seems like premature optimization to me. On my
development machine, where PHP runs slow inside of the IDE, the
average time to perform an md5 hash on a text string of 38 characters
(much longer than most passwords) over 10000 iterations is around
0.00085 seconds. I can live with that. :-)  I still like handling the
encryption in PHP and then passing the encrypted value to the database
for storage/comparison.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to