On Thursday 01 July 2004 02:17, Chris W. Parker wrote: > Red Wingate <mailto:[EMAIL PROTECTED]> > > on Wednesday, June 30, 2004 9:33 AM said: > > Hashing ... but i guess he wants to protected the > > password needed to access the DB not a PW stored in the > > DB. > > you probably understand this already but for those who > don't i would like to say: > > right, but the point with hashing is that even if the > hashes are retrieved/stolen it will take time (possibly > too long) for the password itself to be > recovered/discovered.
And why would they need to recover/discover them? If other users of the server can "see" your script(s) that holds the information (username/password) for your db, then they don't even have to know the real password-- they can just used the hashed ones to access your db. Or, maybe you want to explain more? :) - E - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
