Security for MD5() ?
Posted: Mon Oct 13, 2008 4:41 am
Hi,
I use this code on my web site ;
$pass="mypass";
$encription=md5($pass);
if ( $encription== md5($_POST['pass']) ) {
bla.. bla..
}
of course i use always db for password but this web site small and there isn't any database progress, so ı use like this login check.
But i think now, may someone can be enter string to form and jump md5 ? Example ;
I enter password field on form: "$pass" like this code. So i think my code will be like this :
if ( $encription== md5($pass) )
it will be true and it will go or is it can go ?
I know i can check _POST value or use htmlentities. But ı used this "if ( $encription== md5($pass) )" code every project so i am worry now. I will check all post values for danger chars. ok but i want to know only this if i not clear post values,is someone jump from this if rule ?
Thank you
I use this code on my web site ;
$pass="mypass";
$encription=md5($pass);
if ( $encription== md5($_POST['pass']) ) {
bla.. bla..
}
of course i use always db for password but this web site small and there isn't any database progress, so ı use like this login check.
But i think now, may someone can be enter string to form and jump md5 ? Example ;
I enter password field on form: "$pass" like this code. So i think my code will be like this :
if ( $encription== md5($pass) )
it will be true and it will go or is it can go ?
I know i can check _POST value or use htmlentities. But ı used this "if ( $encription== md5($pass) )" code every project so i am worry now. I will check all post values for danger chars. ok but i want to know only this if i not clear post values,is someone jump from this if rule ?
Thank you