a php developer weblog

blog Closed!
calin view of the web development world

2005/10/26

web development tip: never store passwords in clear

@ 12:40 PM (31 months, 4 days ago)
Many people know this already, but for those that don't: can anybody think of a reason why passwords should be stored in the clear in the database? Because there are certainly huge risks involved, ranging from any kind of browser/session hijacking to major security issues if somebody gets db access or a hold of your db dumps.

This problem is commonly solved by using md5(), whose algorithm is OS independent and provides a quick and secure hash of the password: a unique, one-way encoding. Instead of storing passwords in the clear, one should store the md5() of the password in the db, in a varchar(32) column. Whenever it needs to be checked, the user-provided password is hashed with md5() too, and the comparison is done at hash level.
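As an added example (not code from the original post), here is the store-the-hash, compare-at-hash-level flow described above in PHP, with the post's md5()/varchar(32) scheme beside PHP's own password_hash()/password_verify() (available since PHP 5.5), which salts and deliberately slows the hash; unsalted md5 is no longer considered adequate for password storage, because identical passwords produce identical stored hashes and md5 is fast enough to brute-force. The in-memory $users array is a constructed stand-in for the database table.

```php
<?php
// Added example, not from the original post. $users is a constructed
// in-memory stand-in for the users table (name => stored hash).

// --- Scheme from the post: unsalted md5(), stored in varchar(32) ---
function register_md5(array &$users, string $name, string $password): void {
    $users[$name] = md5($password);   // 32 hex chars, no salt, no cost factor
}

function login_md5(array $users, string $name, string $password): bool {
    if (!isset($users[$name])) {
        return false;
    }
    // hash_equals() compares in constant time, so response timing does not
    // leak how many leading characters of the hash matched.
    return hash_equals($users[$name], md5($password));
}

// --- Same flow with password_hash(): per-user salt, tunable cost ---
function register(array &$users, string $name, string $password): void {
    // The result embeds algorithm id, cost and salt and is longer than
    // 32 chars, so the column must be wider than the post's varchar(32);
    // varchar(255) leaves room for future algorithms.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

function login(array $users, string $name, string $password): bool {
    if (!isset($users[$name])) {
        return false;
    }
    // password_verify() re-reads salt and cost from the stored string and
    // performs a constant-time comparison itself.
    return password_verify($password, $users[$name]);
}

// Constructed demo data
$users = [];
register_md5($users, 'alice', 'correct horse');
register($users, 'bob', 'battery staple');

var_dump(login_md5($users, 'alice', 'correct horse'));
var_dump(login_md5($users, 'alice', 'wrong'));
var_dump(login($users, 'bob', 'battery staple'));
var_dump(login($users, 'bob', 'wrong'));

// Why unsalted md5 is weak: two users who chose the same password end up
// with the same stored value, whereas password_hash() salts each one.
register_md5($users, 'carol', 'correct horse');
register($users, 'dave', 'battery staple');
var_dump($users['carol'] === $users['alice']);
var_dump($users['dave'] === $users['bob']);
```

The last two comparisons make the difference visible directly in the stored column: with md5() the duplicate is obvious to anyone holding a db dump, with password_hash() it is not.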