Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.
When your running md5 on a password before you save it to the database, is their any point at all to check the content of the password, or it's maximum length?
no, it is not pointless. Reasons why is to do a sanity check on how potentially strong the password is. The longer the password is, the more secure it potentially becomes. Checking for it having w lowercase, x uppercase, y numbers, and z symbols would add more security checking of the password.
I'm sorry, I meant that besides checking the minimum length and the content for strength, there isn't any reason to limit the length or disallow any specific characters.
~astions. MD5 works on binary strings and ascii strings so the password could be anything really. Disallowing characters just means your users have less chance of picking a strong password.
Yeah I know, I just wanted to make sure there weren't any issues with it being like 4000 characters or something. This makes me wonder why yahoo, hotmail and almost every large web site limits the length of your password