[nycphp-talk] PHP Form Validation
Jerry B. Altzman
jbaltz at altzman.com
Fri Sep 2 14:20:14 EDT 2005
On 9/2/2005 2:02 PM, Chris Shiflett wrote:
> max wrote:
>>The only problem is restrictive regexp which won't
>>let you use say ! as part of a password.
> I never filter passwords like that - as long as you use the MD5 of
> something as your filtered password, you're pretty safe, because it's
> alphanumeric. This lets people use anything they want.
In fact, using a hash of a password instead of the password itself has a
number of advantages:
1) The database column is always fixed-length -- a nice to have if you
can have it.
2) You can have a pass *phrase* not just a pass *word* -- makes
remembering much easier.
3) YOu don't store in your database plaintext (which you shouldn't be
doing anyway -- either you hash the password itself, or if you MUST have
access to the original, crypt it and decrypt it in the DB.
> Chris
//jbaltz
--
jerry b. altzman jbaltz at altzman.com KE3ML
thank you for contributing to the heat death of the universe.
More information about the talk
mailing list
Automatic Email Organization without missing anything!