Verifying an md5 password against plain text?

#15
[eluser]jedd[/eluser]
Cheese,

You can also streamline the logic a touch - and instead do something like this in your model:

Code:
SELECT
    *
FROM
    user
WHERE
    name = $name_from_form
AND
    password = md5($password_from_form)

By making the encrypted or hashed version of the password one of the criteria for selection, you never retrieve the user's details UNLESS they've entered the right credentials. It's the same performance as retrieving the row and then comparing the password field to your encrypted password - but seems to me to give less away to any ne'er-do-wells. It also reduces your code size slightly by amalgamating the 'wrong password' with 'user name not found' errors into one.


Messages In This Thread
Verifying an md5 password against plain text? - by El Forum - 11-05-2009, 03:00 PM
Verifying an md5 password against plain text? - by El Forum - 11-05-2009, 03:21 PM
Verifying an md5 password against plain text? - by El Forum - 11-05-2009, 03:52 PM
Verifying an md5 password against plain text? - by El Forum - 11-05-2009, 03:56 PM
Verifying an md5 password against plain text? - by El Forum - 11-05-2009, 04:02 PM
Verifying an md5 password against plain text? - by El Forum - 11-05-2009, 04:04 PM
Verifying an md5 password against plain text? - by El Forum - 11-05-2009, 04:04 PM
Verifying an md5 password against plain text? - by El Forum - 11-05-2009, 04:05 PM
Verifying an md5 password against plain text? - by El Forum - 11-05-2009, 04:13 PM
Verifying an md5 password against plain text? - by El Forum - 11-05-2009, 04:44 PM
Verifying an md5 password against plain text? - by El Forum - 11-05-2009, 06:58 PM
Verifying an md5 password against plain text? - by El Forum - 11-05-2009, 07:47 PM
Verifying an md5 password against plain text? - by El Forum - 11-05-2009, 08:07 PM
Verifying an md5 password against plain text? - by El Forum - 11-06-2009, 04:00 AM
Verifying an md5 password against plain text? - by El Forum - 11-06-2009, 04:05 AM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.