MD5 is a one-way hash. There is no way to get information back out of it. If he keeps a copy of the hash locally to comare instead of the original password, this is still as vulnerable as using the original password in this case. The only thing it would protect from is making available the original password (which may be used by the user for other sites, applications, etc).
--- Seairth Jacobs [EMAIL PROTECTED] "Adam Williams" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Just suggestion but why not use md5($password) and then send the result of > that in your GET? > > Adam > > On Wed, 21 Aug 2002, Mark McCulligh wrote: > > > I have two server. One running PHP/Linux the other running ASP/2000. > > The user logins into the PHP server and session variables are made to hold > > their username, password, department, etc.. The site from time to time > > redirect the user to the ASP server. I want to pass the session variable > > across to the other server. I can't use the GET method. > > (www.domain.com/form.asp?username=Mark.....) because putting the password on > > the address bar is not an option. The ASP server will redirect them back > > when they are done on it. It will pass back the variables just in case the > > session on the PHP server has expired for the PHP server can create a new > > session if needed. > > > > I don't want to use a cookie. > > > > I was thinking of using cURL but I can't fine any information about using it > > in ASP. I know how to use cURL in PHP to redirect the user to the ASP > > server and pass the variables in the POST method, but not the other way. > > > > Any ideas would be a GREAT help. > > Mark. > > > > _________________________________________ > > Mark McCulligh, Application Developer / Analyst > > Sykes Canada Corporation www.SykesCanada.com > > [EMAIL PROTECTED] > > > > > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php