[PHP-DB] md5() and mysql

2003-08-29 Thread Mike Baerwolf
Hello,

I'm looking at using md5() and mysql for user auth to some of the data 
in a table. I found the following on the php md5 manual page,

$query = "INSERT INTO user VALUES ('DummyUser',md5('DummyPassword'))";

$password = md5($password);
$query = "SELECT * FROM user WHERE username='DummyUser' AND 
password='DummyPassword'";

I see that nobody will be able to view the password once it's in the 
database, but I'm thinking that the plain text password is sent to and 
from the server and someone might be able to snoop the plain text 
password. Is that right?

Thanks for the help,
Mike
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP-DB] md5() and mysql

2003-08-29 Thread John W. Holmes
Mike Baerwolf wrote:

> I'm looking at using md5() and mysql for user auth to some of the data 
> in a table. I found the following on the php md5 manual page,
>
> $query = "INSERT INTO user VALUES ('DummyUser',md5('DummyPassword'))";
>
> $password = md5($password);
> $query = "SELECT * FROM user WHERE username='DummyUser' AND 
> password='DummyPassword'";

password = '$password';

> I see that nobody will be able to view the password once it's in the 
> database, but I'm thinking that the plain text password is sent to and 
> from the server and someone might be able to snoop the plain text 
> password. Is that right?

Yes. That's why you use SSL on your login pages.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals  www.phparch.com
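
The answer above as a server-side check, added here as an example that is not part of the thread: the login handler refuses credentials that did not arrive over TLS, and hashing happens in PHP so the plain password is never passed on to the database. It swaps the thread's md5() for PHP's password_hash()/password_verify(); the function names and the in-memory SQLite database (through PDO, standing in for MySQL) are assumptions.

```php
<?php
// Added example, not from the thread. Table and column names follow the
// thread's query; the in-memory SQLite database stands in for MySQL (assumption).

/** True when the request reached PHP over TLS (direct, not via a proxy). */
function request_is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

/** Store a salted, slow hash; the plain password never reaches the database. */
function create_user(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare('INSERT INTO user (username, password) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

/** Check a login, refusing any credential that arrived without TLS. */
function login(PDO $db, array $server, string $username, string $password): string
{
    if (!request_is_https($server)) {
        return 'rejected: login must be submitted over HTTPS';
    }
    // Prepared statement: the username is bound, never spliced into the SQL.
    $stmt = $db->prepare('SELECT password FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // password_verify() re-derives the hash using the salt stored in $hash.
    return ($hash !== false && password_verify($password, $hash)) ? 'ok' : 'denied';
}

// Constructed sample data and requests.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT)');
create_user($db, 'DummyUser', 'DummyPassword');

echo login($db, ['HTTPS' => 'on'], 'DummyUser', 'DummyPassword'), "\n"; // correct password over TLS
echo login($db, ['HTTPS' => 'on'], 'DummyUser', 'wrong'), "\n";         // wrong password over TLS
echo login($db, [], 'DummyUser', 'DummyPassword'), "\n";                // correct password, no TLS
```

The check stops the application from accepting clear-text logins, but it cannot un-send a password that was already posted over plain HTTP. The login form itself has to be served over HTTPS, with plain HTTP redirected or disabled.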
