2009/2/9 Jan G.B. <ro0ot.w...@googlemail.com>:
> 2009/2/9 Stuart <stut...@gmail.com>:
>> I would also advise against stripping and trimming
>> anything from passwords. By removing characters you're significantly
>> reducing the number of possible passwords.
>
> Surely, the stripping should only be done when magic_quotes is
> enabled! (e.g. Your Server makes \' out of ').

If you have this option switched on on your server you really need to
do everything you can to get rid of it. It's evil and has been
completely removed from PHP 6. But yes, if you're stuck with it then
you need to strip them before storage, but the poster did not make
that clear.

> Trimming could be left out but it minimizes user errors and users
> pretending to know their password.
> (Like copy/paste from a passwords-file with added spaces on the end, etc.)

Not sure what you mean by users pretending to know their password, but
if I put a space at the start or end of my password I would expect
that to add to its complexity and make it harder to guess. By
stripping it you're not doing anyone any favours.

-Stuart

-- 
http://stut.net/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
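
An added example, not part of the original message: a sketch of the handling discussed in this thread, where slashes are stripped only if magic_quotes actually added them and nothing is trimmed. The helper name `password_from_request()` and the sample password are constructed for illustration; the code assumes PHP 7 or later, where `password_hash()` is available and magic_quotes no longer exists, so the setting is passed in as a flag to show both cases.

```php
<?php
// Hypothetical helper: return the password exactly as the user typed it.
function password_from_request(string $raw, bool $magicQuotesOn): string
{
    // Undo the server's escaping only when the server really applied it.
    // Deliberately no trim(): leading and trailing spaces belong to the password.
    return $magicQuotesOn ? stripslashes($raw) : $raw;
}

// Constructed sample password: leading space, quote, backslash, trailing space.
$typed = " it's a\\b ";

// What the request would contain with magic_quotes_gpc on
// (it escaped ', ", \ and NUL the same way addslashes() does).
$escaped = addslashes($typed);

// Case 1: magic quotes on, strip once, original password recovered.
$on = password_from_request($escaped, true);

// Case 2: magic quotes off, input passed through untouched.
$off = password_from_request($typed, false);

// Mistake A: stripping although magic quotes is off removes the
// backslash the user typed, so a different password gets stored.
$overStripped = stripslashes($typed);

// Mistake B: trimming maps several distinct passwords onto one.
$trimmed = trim($typed);

$hash = password_hash($typed, PASSWORD_DEFAULT);

$checks = array(
    'magic quotes on, stripped once'    => $on,
    'magic quotes off, untouched'       => $off,
    'stripped with magic quotes off'    => $overStripped,
    'trimmed'                           => $trimmed,
);

foreach ($checks as $label => $candidate) {
    printf(
        "%-32s same string: %-3s verifies: %s\n",
        $label,
        $candidate === $typed ? 'yes' : 'no',
        password_verify($candidate, $hash) ? 'yes' : 'no'
    );
}
```

On a server that still runs a PHP version with magic_quotes, the flag would come from `get_magic_quotes_gpc()`.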
