encypting sessions
Moderator: General Moderators
encypting sessions
will it be safe to mcrypt_ecb() a users username and password??
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
considering mcrypt_ecb is deprecated I wouldn't recommend using it, although why are you wanting to store the users password in the session anyway? This is generally a big security risk, considering if someone were able to steal the session they would have the users password at their command.
If you require the password again after the user has logged in, ask them to input it again on any major actions.
As for encryption, I recommend feyd's SHA256 class (soon to be SHA512 and SHA1024 hopefully!;))
If you require the password again after the user has logged in, ask them to input it again on any major actions.
As for encryption, I recommend feyd's SHA256 class (soon to be SHA512 and SHA1024 hopefully!;))