Posted by MS on 11/11/07 17:12
Hi,
I'm writing a PHP login script for a web site. I've looked at several
examples on the web and some of them use MD5 hashes for the password. They
do this in various ways.
E.g.
a) Storing an MD5 hash of the original password in the database (in the
password field), and then comparing the MD5 hash of the user entered
password against that stored in the database.
b) Storing the password in the database, then comparing the MD5 hash of
that against an MD5 hash of the user entered password.
Mine currently uses no MD5 hashes at all. Here is a snippet:
Note: The 'username' field in the 'member' table of the db is unique so
the use of a valid username and password should return exactly one row.

    $sql = "SELECT * FROM member WHERE username = '$user' AND password = '$pass'";
    $result = mysql_query($sql) or MyDie("Error: ".mysql_error());
    // Determine how many records are in the results
    $numRowsReturned = mysql_num_rows($result);

So if $numRowsReturned == 1 the user gains entry, otherwise not.
I'm new to this so am wondering if there is some sensible security reason
that MD5 hashes are being used, otherwise I completely fail to see why
anyone is using them at all.
Can someone explain this to me please and let me know why -if at all- I
should be using MD5? If I should, does it make any difference whether I use
MySQL's MD5 function or PHP's MD5 function, just in case there is a
security issue with that as well.
Many thanks and regards, etc..
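An added example, not part of MS's post: option (a) from the question, written with PHP's password_hash()/password_verify() (salted and deliberately slow) in place of bare MD5, so that a leaked 'member' table does not hand out usable passwords, and with the username bound as a query parameter instead of interpolated into the SQL string. The table and column names follow the post; the in-memory SQLite database reached through PDO and the sample accounts are assumptions made so the script runs on its own.

```php
<?php
// Added example, not the poster's code. Table and column names follow the post;
// the in-memory SQLite database and the sample credentials are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Registration: store only a salted, slow hash, never the password itself.
function register(PDO $db, string $user, string $pass): void
{
    $stmt = $db->prepare('INSERT INTO member (username, password) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($pass, PASSWORD_DEFAULT)]);
}

// Login: fetch the row by username only, then verify the hash in PHP.
// The password is never compared inside the SQL statement.
function login(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password FROM member WHERE username = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false;                       // unknown username
    }
    if (!password_verify($pass, $stored)) {
        return false;                       // wrong password
    }
    // Re-hash transparently when the default algorithm or cost has changed.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE member SET password = ? WHERE username = ?');
        $upd->execute([password_hash($pass, PASSWORD_DEFAULT), $user]);
    }
    return true;
}

register($db, 'alice', 'correct horse battery staple');

var_dump(login($db, 'alice', 'correct horse battery staple')); // valid login
var_dump(login($db, 'alice', 'wrong'));                        // bad password
var_dump(login($db, "o'brien", 'x'));   // a quote in the input is just data

// What someone reading the table sees: a hash string, not the password.
$row = $db->query("SELECT password FROM member WHERE username = 'alice'");
echo $row->fetchColumn(), "\n";
```

Because the salt is stored inside the hash string, the comparison has to happen in PHP with password_verify(); a `WHERE password = ...` clause cannot match it.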