Hi,
I use this code on my web site:
$pass="mypass";
$encription=md5($pass);
if ( $encription== md5($_POST['pass']) ) {
    // bla.. bla..
}
Of course I always use a db for passwords, but this web site is small and there isn't any database progress, so I use a login check like this.
But now I think, maybe someone can enter a string into the form and jump the md5? Example:
I enter in the password field on the form: "$pass", like in this code. So I think my code will be like this:
if ( $encription== md5($pass) )
It will be true and it will go, or can it go?
I know I can check the _POST value or use htmlentities. But I used this "if ( $encription== md5($pass) )" code in every project, so I am worried now. I will check all post values for dangerous chars. OK, but I only want to know this: if I don't clean the post values, can someone jump past this if rule?
Thank you
Security for MD5() ?
Re: Security for MD5() ?
No, it doesn't "Jump" it. Did you test it out or just post here before doing anything....
Re: Security for MD5() ?
In that context MD5 is a waste of time. You might as well just do..

if ("mypass"==$_POST['pass']) {
    //Stuff
}

It'll achieve the same thing just as securely*.

* In fact, more securely, because there's always a remote possibility of an MD5 hash clashing. The difference isn't worth worrying about but if I don't say it here someone is bound to point it out.
Re: Security for MD5() ?
I already tried some string attacks, of course. But my question is that the md5() function needs a string, and I think somebody can try to enter some string into the field to change my code so that it jumps the if rule, like SQL injection.
But I understand this is impossible because the md5 function only accepts string function.
Thanks for your answers..
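
As an added example (not code from any poster in this thread): the check from the first post run against the literal text $pass, beside a stricter variant that swaps md5() for PHP's password_hash()/password_verify(). The function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example; function names and sample inputs are constructed for illustration.

// The check from the first post, wrapped in a function so it can be called repeatedly.
function original_check(string $submitted): bool
{
    $pass = "mypass";
    $encription = md5($pass);
    // $submitted is runtime data. PHP expands "$pass" only when it parses a
    // double-quoted literal in source code, never inside a value it received.
    return $encription == md5($submitted);
}

// Stricter variant (a swapped-in technique, not the thread's code): a salted
// password_hash() value kept in a config file instead of a bare md5().
function hardened_check($submitted, string $storedHash): bool
{
    // A field sent as pass[]=x arrives as an array, so insist on a string first.
    if (!is_string($submitted)) {
        return false;
    }
    return password_verify($submitted, $storedHash);
}

// Generated here so the script is self-contained; on a real site this value
// would be produced once and pasted into the config file.
$storedHash = password_hash("mypass", PASSWORD_DEFAULT);

// Constructed inputs, single-quoted so they hold exactly what a browser would send.
$samples = ['mypass', '$pass', '{$pass}', 'wrong'];

foreach ($samples as $input) {
    printf(
        "%-8s original=%-5s hardened=%s\n",
        $input,
        var_export(original_check($input), true),
        var_export(hardened_check($input, $storedHash), true)
    );
}

// Non-string input is rejected before any hashing takes place.
printf("%-8s hardened=%s\n", 'array', var_export(hardened_check(['x'], $storedHash), true));
```

Only the first input passes either check; the other three are hashed as the literal characters that were typed.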