Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming pseudo (or real) ajax db and view updating?
pseudo (or real) ajax db and view updating?
  • El Forum
    Guest
  •  
#4
09-29-2009, 05:58 AM

[eluser]BrianDHall[/eluser]
Its not so much less secure, but actually just has a greater chance of collision (two different considerations, though in pure password verification scenarios they are basically the same). A single hash exposes something that shouldn't be exposed - such as the hashed value of a password, so a person could then take the value and run it for collisions on their local computer. Thus it is wise to mix something else in if you are actually going to send something to the browser, though the preferred method would be using a one-time random string and not a hash of any kind.

Though you do point out correctly that hashing together things is not more secure than just using a single hash, so you certainly have no reason to ever do something like $password = sha1(sha1($clear_password)).


Messages In This Thread
pseudo (or real) ajax db and view updating? - by El Forum - 09-28-2009, 08:52 AM
pseudo (or real) ajax db and view updating? - by El Forum - 09-28-2009, 06:30 PM
pseudo (or real) ajax db and view updating? - by El Forum - 09-29-2009, 04:10 AM
pseudo (or real) ajax db and view updating? - by El Forum - 09-29-2009, 05:58 AM
pseudo (or real) ajax db and view updating? - by El Forum - 09-30-2009, 07:42 AM
pseudo (or real) ajax db and view updating? - by El Forum - 09-30-2009, 01:51 PM
pseudo (or real) ajax db and view updating? - by El Forum - 10-01-2009, 02:35 PM



Theme © iAndrew 2016 - Forum software by © MyBB