Hah.. Because I figured it wouldn't be an accepted solution by "real security" people. :) I've used it too. Also used the md5_file() function to create a duplicate file scanner for my home PC.
The only problem with using MD5 or another one-way solution on a general site that doesn't require super-security is that when people forget their password, you have to do a "Click this to reset your password", have it reset to something random, then have them change it when they log in. There's no "Send me my password" ability, which I find kind of useful on general sites that make you log in (free registration and such). As for why you're in the direct mail.. I don't know. I just did "Reply all" to the original question and you must have been in it. :) Just enjoy the love and stop complaining. Hah. -TG > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, November 18, 2004 12:15 PM > To: [EMAIL PROTECTED] > Subject: RE: [PHP-DB] password encryption > > > Quoting "Gryffyn, Trevor" <[EMAIL PROTECTED]>: > > > If you want to be cheesy, you can also use something like > an MD5 has on > > "dog" and get whatever it gets.... Then every time someone > enters "dog" > > it always ends up with the same MD5 hash. > > How is using MD5 cheesy? I've implemented exactly that > solution a number of times. Admittedly, only for a very > small site, mainly as the 'site content update' password. > > -P > > ps. and on another note, why am I in the list of direct > addressees here? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
