MD5 is a one-way hash.  There is no way to get information back out of it.
If he keeps a copy of the hash locally to comare instead of the original
password, this is still as vulnerable as using the original password in this
case.  The only thing it would protect from is making available the original
password (which may be used by the user for other sites, applications, etc).

Seairth Jacobs

"Adam Williams" <[EMAIL PROTECTED]> wrote in message
> Just suggestion but why not use md5($password) and then send the result of
> that in your GET?
> Adam
> On Wed, 21 Aug 2002, Mark McCulligh wrote:
> > I have two server.  One running PHP/Linux the other running ASP/2000.
> > The user logins into the PHP server and session variables are made to
> > their username, password, department, etc..  The site from time to time
> > redirect the user to the ASP server.  I want to pass the session
> > across to the other server.  I can't use the GET method.
> > ( because putting the
password on
> > the address bar is not an option.  The ASP server will redirect them
> > when they are done on it. It will pass back the variables just in case
> > session on the PHP server has expired for the PHP server can create a
> > session if needed.
> >
> > I don't want to use a cookie.
> >
> > I was thinking of using cURL but I can't fine any information about
using it
> > in ASP.  I know how to use cURL in PHP to redirect the user to the ASP
> > server and pass the variables in the POST method, but not the other way.
> >
> > Any ideas would be a GREAT help.
> > Mark.
> >
> > _________________________________________
> > Mark McCulligh, Application Developer / Analyst
> > Sykes Canada Corporation
> >
> >
> >
> >

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to