[nycphp-talk] PHP Form Validation
Jerry B. Altzman
jbaltz at altzman.com
Fri Sep 2 14:20:14 EDT 2005
On 9/2/2005 2:02 PM, Chris Shiflett wrote:
> max wrote:
>>The only problem is restrictive regexp which won't
>>let you use say ! as part of a password.
> I never filter passwords like that - as long as you use the MD5 of
> something as your filtered password, you're pretty safe, because it's
> alphanumeric. This lets people use anything they want.
In fact, using a hash of a password instead of the password itself has a
number of advantages:
1) The database column is always fixed-length -- a nice to have if you
can have it.
2) You can have a pass *phrase* not just a pass *word* -- makes
remembering much easier.
3) YOu don't store in your database plaintext (which you shouldn't be
doing anyway -- either you hash the password itself, or if you MUST have
access to the original, crypt it and decrypt it in the DB.
> Chris
//jbaltz
--
jerry b. altzman jbaltz at altzman.com KE3ML
thank you for contributing to the heat death of the universe.
More information about the talk
mailing list