Instead of using a hash if the password string, i prefer to save the following in the password field of my user's table:
md5($user . $password) There are some md5 databases around that can be used to get the cleartext password from the hash if your database is compromised, if you use this method it's difficult to get the cleartext password because it depends on the user and you are also validating if the user exists. However, i have a question. Which is better?, the md5 function provided by PHP or MySQL? i used the MySQL function because i didn't compile PHP with support for hash. -- Saludos Oscar -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
