
voodooKobra

Everything posted by voodooKobra

  1. Sounds like a complicated situation. Okay, this is comical. At no point did I accuse you of encrypting passwords. I accused you of rolling your own cryptography based on that post in the other thread. Not only am I not confused about the difference between hashing and encryption, but you seem to have confused the word cryptography to mean encryption. You should start with an understanding of basic cryptography terms and concepts. Let me draw you a map: If you're going to accuse me of incompetence, please do so competently.
  2. This is a response to this post, since the topic is locked: From Wikipedia: You should go into additional detail. This sounds like you rolled your own cryptography in production. This is a bad idea. What to do next time, courtesy of Coda Hale: Since this forum software is a PHP application, you should be using password_hash() and password_verify().
  3. I'm not looking for one to use, I'm looking for ideas for a project that other developers would actually appreciate. (I just `sudo su postgres -c psql` when doing DBA stuff) Maybe I'll review those and drop some 0days on full disclosure
  4. I've been thinking about building an alternative to phpMyAdmin that is:
     a) secure by default
     b) cross-platform (works with MySQL, PostgreSQL, MS SQL, maybe others) out of the box
     c) self-updating (verifies the new package with an RSA public key; the private key for which would be kept offline)
     Would anyone be interested in such a project? Would anyone use it?
  5. What exactly do you need the reporting tool to do? Analytics? If so, what kind of analytics? Reports? If so, what kind of reports? Do you want an ad-hoc reporting feature so each business analyst can quickly create their own without having to know SQL? Scheduling? Charts? Graphs? Historical comparison?
  6. Oh, you're right. For some reason I thought it did.
  7. Hi everyone, I'm Kobra and I hack frameworks. My interests lie mostly in appsec, crypto, and anti-forensics. I've been writing PHP code for over 12 years and I've found amusing ways to abuse language features. I'm a walking encyclopedia of antipatterns and security vulnerabilities. Let me know if you want to know more!
  8. It's probably worth noting that \xBB is for byte literals (most usually ASCII), meanwhile \uBBBB is meant for unicode characters (UTF-.