NYCPHP Meetup

NYPHP.org

[nycphp-talk] PHP Form Validation

Jerry B. Altzman jbaltz at altzman.com
Fri Sep 2 14:20:14 EDT 2005


On 9/2/2005 2:02 PM, Chris Shiflett wrote:
> max wrote:
>>The only problem is restrictive regexp which won't
>>let you use say ! as part of a password.
> I never filter passwords like that - as long as you use the MD5 of 
> something as your filtered password, you're pretty safe, because it's 
> alphanumeric. This lets people use anything they want.

In fact, using a hash of a password instead of the password itself has a 
number of advantages:

1) The database column is always fixed-length -- a nice to have if you 
can have it.
2) You can have a pass *phrase* not just a pass *word* -- makes 
remembering much easier.
3) YOu don't store in your database plaintext (which you shouldn't be 
doing anyway -- either you hash the password itself, or if you MUST have 
access to the original, crypt it and decrypt it in the DB.

> Chris

//jbaltz
-- 
jerry b. altzman        jbaltz at altzman.com              KE3ML
thank you for contributing to the heat death of the universe.



More information about the talk mailing list