RE: [PHP] Re: Securing user table with sha function

2007-02-21 Thread Tim
> On Tue, February 20, 2007 4:08 am, Tim wrote: > >> > >> > >>> -Message d'origine- > >>> De : Haydar Tuna [mailto:[EMAIL PROTECTED] > >>> Envoyé : mardi 20 février 2007 10:34 > >>> À : php-general@lists.php.net

Re: [PHP] Re: Securing user table with sha function

2007-02-20 Thread Haydar Tuna
" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > On Tue, February 20, 2007 4:08 am, Tim wrote: >> >> >>> -Message d'origine- >>> De : Haydar Tuna [mailto:[EMAIL PROTECTED] >>> Envoyé : mardi 20 février 2007 10:34 >>

RE: [PHP] Re: Securing user table with sha function

2007-02-20 Thread Richard Lynch
On Tue, February 20, 2007 4:08 am, Tim wrote: > > >> -Message d'origine- >> De : Haydar Tuna [mailto:[EMAIL PROTECTED] >> Envoyé : mardi 20 février 2007 10:34 >> À : php-general@lists.php.net >> Objet : [PHP] Re: Securing user table with sha fu

Re: [PHP] Re: Securing user table with sha function

2007-02-20 Thread Richard Lynch
On Mon, February 19, 2007 5:12 am, Fergus Gibson wrote: >> 4) if user forget his or her password, you can send email to the >> user when >> the user answer password protected question. > > Kinda impossible if the password is hashed, isn't it? What a strange > thought, though. I guess all those si

Re: [PHP] Re: Securing user table with sha function

2007-02-20 Thread Satyam
- Original Message - From: "Tim" <[EMAIL PROTECTED]> -Message d'origine- De : Haydar Tuna [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 février 2007 10:34 À : php-general@lists.php.net Objet : [PHP] Re: Securing user table with sha function Hello agai

RE: [PHP] Re: Securing user table with sha function

2007-02-20 Thread Tim
> -Message d'origine- > De : Fergus Gibson [mailto:[EMAIL PROTECTED] > Envoyé : lundi 19 février 2007 12:01 > À : php-general@lists.php.net > Objet : [PHP] Re: Securing user table with sha function > > Tim wrote: > > Now moving on into other aspects of

RE: [PHP] Re: Securing user table with sha function

2007-02-20 Thread Tim
> -Message d'origine- > De : Haydar Tuna [mailto:[EMAIL PROTECTED] > Envoyé : mardi 20 février 2007 10:34 > À : php-general@lists.php.net > Objet : [PHP] Re: Securing user table with sha function > > Hello again, > if you crypt your usernames, it

[PHP] Re: Securing user table with sha function

2007-02-20 Thread Haydar Tuna
Hello again, if you crypt your usernames, it happened many problems. As you know, if you crypt any string to SHA1, you don't decrypt again. You cannot use username in your application. In my many application, I have crypted password, I haven't crypt usernames. Because I used username for

[PHP] Re: Securing user table with sha function

2007-02-20 Thread Fergus Gibson
Tim wrote: > Now moving on into other aspects of security :P I was thinking of a way to > secure my login inputs the best way possible. [...] Maybe I'm missing something, but why not simply inspect and clean input to ensure that it's always properly escaped and safe to send to your database? It s

[PHP] Re: Securing user table with sha function

2007-02-20 Thread Fergus Gibson
Haydar Tuna wrote: > 1) If you protect your site from SQL Injection, you must replace all quote > and blank character in your form data. (with string functions) A better approach is data inspection. For example, if you know a field should only ever contain letters, you can use ctype_alpha() to c

RE: [PHP] Re: Securing user table with sha function

2007-02-19 Thread Tim
> -Message d'origine- > De : Haydar Tuna [mailto:[EMAIL PROTECTED] > Envoyé : lundi 19 février 2007 08:12 > À : php-general@lists.php.net > Objet : [PHP] Re: Securing user table with sha function > > Hello, > > 1) If you protect your site from SQL In

[PHP] Re: Securing user table with sha function

2007-02-18 Thread Haydar Tuna
Hello, 1) If you protect your site from SQL Injection, you must replace all quote and blank character in your form data. (with string functions) 2) After this step, you can compare your password (with SHA1) and database password field (with SHA1). 3) if comparing passwords are true, then you mu