Posted: Sun Feb 13, 2005 3:01 am
Having unencrypted passwords in your database is basically not a problem.
The problem starts when sending them over the net. I suggest having a second table that does the access checking that has the md5() hashed password. The normal user table should have the unencrypted one as this enables you to do password lookup and other stuff. This table row should be only accessible by a different MySQL username than the one you use for the website just to make sure.