Secure Coding mailing list archives
Re: Scripting Languages and Secure Coding + code
From: Andrew Rucker Jones <arjones () simultan dyndns org>
Date: Sat, 06 Dec 2003 17:05:02 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 |>>Going on the assumption that PHP does not use \0 to indicate the end |>>of a string (as i said, i don't know PHP), the only thing You do |>>with the password field directly is check that it is not empty, then |>>put it through MD5. I think MD5 is sanitation enough. What do others |>>say? (This would also give You a really tiny speed improvement. :) | | Using MD5 gives a speed improvement? What planet are you from. ;) This one. You didn't read what i was saying. He does the MD5 hash anyway. What i said was, that means he should no longer need the input validation stuff, which would save a little time. I retract my comments anyway. It seems that i misunderstood the PHP functions being used. (Like i said, i don't know the language.) -& - -- GPG key / Schlüssel -- http://simultan.dyndns.org/~arjones/gpgkey.txt Encrypt everything. / Alles verschlüsseln. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/0aFVoI7tqy5bNGMRAhIgAJ0eOVEjlWE7aFTBT7HN0gsaehJGLQCfcUju j1xWxMk8agLJFb7wsjgHHug= =ikxd -----END PGP SIGNATURE-----
Current thread:
- Re: Scripting Languages and Secure Coding + code Louis Solomon [SteelBytes] (Dec 05)
- <Possible follow-ups>
- RE: Scripting Languages and Secure Coding + code Robert Shields (Dec 05)
- Re: Scripting Languages and Secure Coding + code Andrew Rucker Jones (Dec 06)
- Re: Scripting Languages and Secure Coding + code M.K.Pai (Dec 08)