Old 08-27-2005, 03:35 PM   #6 (permalink)
redhead
For simple usage, this could be an approach.
PHP Code:
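$salt = "some_key_here";
// Hash the submitted password together with the site-wide salt.
$salted_passwd = md5($PHP_AUTH_PW . $salt);
// Look up the admin row whose stored hash matches.
$sql = "select * from adminuser where admin='$PHP_AUTH_USER' and password='$salted_passwd'";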
That way, if your database is compromised so the lurker can figure out someone's passwd, they might be able to find something that matches the md5-sum, but they'll never find the real passwd because you salt the submitted one before you check it against the one in the database. Which would make a compromised one double salted before you check it against the lurked one.
__________________
Don't worry Ma'am, We're university students, We know what We're doing.
-----
If you pull the pin, Mr.Grenade would no longer be your friend.
-----
01000111 01101111 00100000 01000011 00100000 00100001
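An added example, not part of redhead's post: the same adminuser lookup written with PHP's password_hash()/password_verify(), which use a random per-user salt and a slow hash, and a PDO prepared statement so the user name is bound rather than interpolated into the query. The in-memory SQLite table, the helper function names and the sample accounts are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);
// Constructed demo: an in-memory SQLite table stands in for the post's adminuser table.
// In the post's HTTP Basic auth setting the inputs would come from
// $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'].

// Hash verified for unknown users so both code paths cost about the same time.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE adminuser (admin TEXT PRIMARY KEY, password TEXT NOT NULL)');
    return $db;
}

function add_admin(PDO $db, string $user, string $plain): void {
    // password_hash() picks a fresh random salt and stores it inside the hash string,
    // so no separate site-wide salt has to be kept in the source code.
    $stmt = $db->prepare('INSERT INTO adminuser (admin, password) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($plain, PASSWORD_DEFAULT)]);
}

function stored_hash(PDO $db, string $user): ?string {
    // Bound parameter: quote characters in $user are data, never SQL syntax.
    $stmt = $db->prepare('SELECT password FROM adminuser WHERE admin = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return $hash === false ? null : (string) $hash;
}

function check_admin(PDO $db, string $user, string $plain): bool {
    $hash = stored_hash($db, $user);
    if ($hash === null) {
        password_verify($plain, DUMMY_HASH); // result deliberately ignored
        return false;
    }
    return password_verify($plain, $hash);
}

$db = open_demo_db();
add_admin($db, 'alice', 'correct horse'); // constructed sample accounts
add_admin($db, 'bob', 'correct horse');   // same password as alice on purpose

var_dump(check_admin($db, 'alice', 'correct horse'));
var_dump(check_admin($db, 'alice', 'wrong guess'));
var_dump(check_admin($db, "alice' --", 'anything'));
// Same password, different stored hashes: each row carries its own salt.
var_dump(stored_hash($db, 'alice') !== stored_hash($db, 'bob'));
```

With a single shared salt and MD5, two users with the same password get the same stored value; here the last line shows they do not.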