05-10-2010, 02:29 PM
OpenDocMan uses MySQL's PASSWORD function to hash stored user passwords. This is not considered a secure practice and is explicitly discouraged in the MySQL documentation itself:
(emphasis theirs)
Quote:The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead.
(emphasis theirs)