Question regarding SQL injection
#7

[eluser]Comanche[/eluser]
Hi,

I would hash the passwords if it were possible, but at the moment I have been ordered to store them in plain text. As soon as I'm allowed to, I would use SHA-256 with a salt to store them (I'm studying 'IT-Security', so it isn't a lack of knowledge about security features that prevents me from using hashed passwords).

For the second thing you mention, 'kid' is limited to positive integer by

Code:
// Returns true only if $num is numeric, not negative and has no fractional part.
// Note that is_numeric() also accepts strings such as "12.0", "1e3" or " 12",
// and the final comparison ($num == (int)$num) lets "12.0" through, so the
// check is looser than "digits only".
function validatePosInteger($num)
{
    return is_numeric($num) && ($num >= 0) && ($num == (int)$num);
}

and 'name' is limited to alphanumerics, '.', '&', '-' and space. There is also a second check whether a 'kid' with the given value exists in the database.

Thanks for mentioning 'htmlspecialchars'; I hadn't thought about it until now, but it's certainly a good thing to do.

[quote author="dcunited08" date="1226094207"]Let me get this straight, there are two columns, one in encrypted (not hashed) and one is not?[/quote]
Yes, and please don't ask me why; the system as it is was introduced nine years ago, when I was in 10th grade at school.
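The checks described in this post (whitelisting 'kid' as a positive integer and 'name' as a restricted character set, then confirming that the 'kid' exists, and escaping output with htmlspecialchars), combined in one runnable PHP script with a parameterised query. This is an added example, not code from the original thread or from CodeIgniter; the table name 'kids', its columns and the in-memory SQLite database are assumptions made for the demonstration.

```php
<?php
// Added example (not from the original post). The table 'kids', its columns
// and the in-memory SQLite database are assumptions for this demonstration.

/** 'kid' must be a positive integer: digits only, no sign, no decimal point,
 *  no exponent, no surrounding whitespace. ctype_digit() rejects "1e3",
 *  "12.0", " 12" and "-1", all of which is_numeric() would accept. */
function isPosInteger(string $value): bool
{
    return ctype_digit($value) && strlen($value) <= 9 && (int)$value > 0;
}

/** 'name' is limited to alphanumerics, '.', '&', '-' and space. */
function isSafeName(string $value): bool
{
    return preg_match('/^[A-Za-z0-9.&\- ]{1,64}$/', $value) === 1;
}

/** Look up the record after validation. Returns null when the input is
 *  rejected or no row matches (the "does this kid exist" check). */
function findKid(PDO $db, string $kid, string $name): ?array
{
    if (!isPosInteger($kid) || !isSafeName($name)) {
        return null;
    }
    // Bound parameters: the values travel separately from the query text, so
    // even if the whitelist were loosened later they could not alter the SQL.
    $stmt = $db->prepare('SELECT kid, name FROM kids WHERE kid = :kid AND name = :name');
    $stmt->execute([':kid' => (int)$kid, ':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Escape for HTML output, as suggested in the thread. */
function renderName(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed demo data (assumption: a 'kids' table with columns kid, name).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE kids (kid INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO kids (kid, name) VALUES (7, 'Miller & Sons')");

$cases = [
    ['7', 'Miller & Sons'],          // valid, exists
    ['8', 'Miller & Sons'],          // valid, does not exist
    ['7 OR 1=1', 'Miller & Sons'],   // rejected: not digits only
    ['7', "x' OR '1'='1"],           // rejected: quote not in whitelist
    ['1e1', 'Miller & Sons'],        // rejected: exponent notation
];

foreach ($cases as [$kid, $name]) {
    $row = findKid($db, $kid, $name);
    if ($row === null) {
        echo 'kid=' . renderName($kid) . ' name=' . renderName($name) . ": rejected or not found\n";
    } else {
        echo "found: kid={$row['kid']} name=" . renderName($row['name']) . "\n";
    }
}
```

The whitelist is the first line of defence and the bound parameters are the second; the script prints one line per case so you can see which inputs are stopped by validation and which simply do not match a row.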


Messages In This Thread
Question regarding SQL injection - by El Forum - 11-07-2008, 08:41 AM