Secure Coding mailing list archives

Re: Scripting Languages and Secure Coding + code


From: Andrew Rucker Jones <arjones () simultan dyndns org>
Date: Sat, 06 Dec 2003 17:05:02 +0000

|>>Going on the assumption that PHP does not use \0 to indicate the end
|>>of a string (as i said, i don't know PHP), the only thing You do
|>>with the password field directly is check that it is not empty, then
|>>put it through MD5. I think MD5 is sanitation enough. What do others
|>>say? (This would also give You a really tiny speed improvement. :)
|
| Using MD5 gives a speed improvement? What planet are you from. ;)

This one. You didn't read what i was saying. He does the MD5 hash
anyway. What i said was, that means he should no longer need the input
validation stuff, which would save a little time.
        I retract my comments anyway. It seems that i misunderstood the PHP
functions being used. (Like i said, i don't know the language.)

                -&

--
GPG key / Schlüssel -- http://simultan.dyndns.org/~arjones/gpgkey.txt
Encrypt everything. / Alles verschlüsseln.
