
Mark Baker

Members
  • Content Count

    1,592
  • Joined

  • Last visited

    Never

Community Reputation

0 Neutral

About Mark Baker

  • Rank
    Prolific Member
  • Birthday 12/19/1960

Profile Information

  • Gender
    Male
  • Location
    Wigan, NW England
  1. $_POST[val1] looks for a constant called val1, and would substitute in whatever value was set for that content as the key for the entry in the $_POST array. But no constant of that name has been set, so it gives you a warning to say that it's going to treat val1 as a string key. Use $_POST['val1']
  2. I use ripemd128 with a binary salt derived from one element of non-displayed user information from the user record in the DB (Creation date/timestamp as binary) and one piece of information from the server environment. It serves me, and has passed a number of security audits.
  3. There's not really much point in setting passwords if the users can simply click a link and change it without doing something to prove who they are.... But I seem to recall an early version of Windows Lite called "Joe" which used exactly that principle. If the user got their password wrong three times in succession, it assumed they'd forgotten it and allowed them to simply reset it.
  4. Correct, a hashed password has to be reset (issuing a new password) if the user forgets it.
  5. You can make it even harder by introducing a level of bitwise logic: $encryptedPassword = md5(md5(sha1($plainTextPassword))) ^ md5(sha1(md5($plainTextPassword)));