* Thus wrote - Edwin -: > On Thursday 01 July 2004 02:17, Chris W. Parker wrote: > > Red Wingate <mailto:[EMAIL PROTECTED]> > > > > on Wednesday, June 30, 2004 9:33 AM said: > > > Hashing ... but i guess he wants to protected the > > > password needed to access the DB not a PW stored in the > > > DB. > > > > you probably understand this already but for those who > > don't i would like to say: > > > > right, but the point with hashing is that even if the > > hashes are retrieved/stolen it will take time (possibly > > too long) for the password itself to be > > recovered/discovered. > > And why would they need to recover/discover them? > > If other users of the server can "see" your script(s) that > holds the information (username/password) for your db, > then they don't even have to know the real password-- > they can just used the hashed ones to access your db.
Well, at this point there is no need for those hashes. Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
