Comments on: Building Browsergames: Securing our hashes (PHP) http://buildingbrowsergames.com/2008/07/15/securing-our-hashes-php/ Ever wanted to build a browsergame? Wed, 10 Mar 2010 20:26:23 +0000 http://wordpress.org/?v=2.8.5 hourly 1 By: binni http://buildingbrowsergames.com/2008/07/15/securing-our-hashes-php/comment-page-1/#comment-521 binni Thu, 15 Oct 2009 07:34:46 +0000 http://buildingbrowsergames.com/?p=84#comment-521 I meailing this to my friend he has got great interest in this.<br><br>Have a nice day<br>paul<br>______________________________________________<br><a href="http://www.chaperonealert.com/" target="_blank" rel="nofollow">Medical Alarm</a> | <a <a href="http://href=%22http://www.SMARTSOURCENEWS.com" rel="nofollow">href="http://www.SMARTSOURCENEWS.com</a> " target="_blank">pass a drug test</a> | <a <a href="http://href=%22http://www.PASS-ALL-DRUG-TEST.com" rel="nofollow">href="http://www.PASS-ALL-DRUG-TEST.com</a> " target="_blank">pass marijuana drug test</a> I meailing this to my friend he has got great interest in this.

Have a nice day
paul
______________________________________________
Medical Alarm | <a href=”http://www.SMARTSOURCENEWS.com ” target=”_blank”>pass a drug test | <a href=”http://www.PASS-ALL-DRUG-TEST.com ” target=”_blank”>pass marijuana drug test

]]> By: max191 http://buildingbrowsergames.com/2008/07/15/securing-our-hashes-php/comment-page-1/#comment-484 max191 Mon, 05 Oct 2009 08:08:27 +0000 http://buildingbrowsergames.com/?p=84#comment-484 I would just say one thing to you and that is, “FANTASTIC”!! Keep it up and wish to get more details from your blog.<br>regards<br><a rel="dofollow" href="http://www.charcoalgrillsite.com" rel="nofollow">charcoal grill</a> I would just say one thing to you and that is, “FANTASTIC”!! Keep it up and wish to get more details from your blog.
regards
charcoal grill

]]> By: MrLollige http://buildingbrowsergames.com/2008/07/15/securing-our-hashes-php/comment-page-1/#comment-369 MrLollige Sat, 14 Mar 2009 18:05:48 +0000 http://buildingbrowsergames.com/?p=84#comment-369 Ah ok :).<br>Anyway, my salt (which I made before I read this thanks to the user comments on other pages) is short, and I probably do not need it anywhere else than on the login and register page. <br>Thanks for your reply! Ah ok :) .
Anyway, my salt (which I made before I read this thanks to the user comments on other pages) is short, and I probably do not need it anywhere else than on the login and register page.
Thanks for your reply!

]]> By: Luke http://buildingbrowsergames.com/2008/07/15/securing-our-hashes-php/comment-page-1/#comment-362 Luke Sat, 14 Mar 2009 17:12:13 +0000 http://buildingbrowsergames.com/?p=84#comment-362 The benefits of turning it into a configuration value aren't so much in<br>securing it, as they are in not repeating it everywhere - if your salt is<br>'thequickbrownfoxjumpedoverthelazydog', do you really want to type that<br>everytime you need it? The benefits of turning it into a configuration value aren't so much in
securing it, as they are in not repeating it everywhere – if your salt is
'thequickbrownfoxjumpedoverthelazydog', do you really want to type that
everytime you need it?

]]> By: MrLollige http://buildingbrowsergames.com/2008/07/15/securing-our-hashes-php/comment-page-1/#comment-361 MrLollige Sat, 14 Mar 2009 16:13:10 +0000 http://buildingbrowsergames.com/?p=84#comment-361 you could(and probably should) turn the salt into a configuration parameter<br><br>Why? I mean, if I change the salt value (if someone figured it and modified his dictionary to it), noone would be able to login any more.... you could(and probably should) turn the salt into a configuration parameter

Why? I mean, if I change the salt value (if someone figured it and modified his dictionary to it), noone would be able to login any more….

]]> By: Chris Hepner http://buildingbrowsergames.com/2008/07/15/securing-our-hashes-php/comment-page-1/#comment-181 Chris Hepner Sun, 30 Nov 2008 23:08:12 +0000 http://buildingbrowsergames.com/?p=84#comment-181 It doesn't matter much, but it isn't necessary to nest the md5() function within mysql_real_escape_string() as you will never have to escape a hexadecimal string. <br><br>While it usually works regardless, HTTP/1.1 requires you to use an absolute URL in header redirects. Example from php manual below:<br><br>/* Redirect to a different page in the current directory that was requested */<br>$host = $_SERVER['HTTP_HOST'];<br>$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\');<br>$extra = 'mypage.php';<br>header("Location: <a href="http://%24host%24uri/%24extra%22%29;" rel="nofollow">http://$host$uri/$extra");</a><br>exit(); It doesn't matter much, but it isn't necessary to nest the md5() function within mysql_real_escape_string() as you will never have to escape a hexadecimal string.

While it usually works regardless, HTTP/1.1 requires you to use an absolute URL in header redirects. Example from php manual below:

/* Redirect to a different page in the current directory that was requested */
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\');
$extra = 'mypage.php';
header(”Location: http://$host$uri/$extra“);
exit();

]]>