Community Support for OpenDocMan (Deprecated)

Community Support for OpenDocMan (Deprecated) > OpenDocMan Community Discussion > OpenDocMan Feature Requests > Usage of MySQL's PASSWORD function in OpenDocMan
Full Version: Usage of MySQL's PASSWORD function in OpenDocMan
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

bps

05-10-2010, 02:29 PM
OpenDocMan uses MySQL's PASSWORD function to hash stored user passwords. This is not considered a secure practice and is explicitly discouraged in the MySQL documentation itself:

Quote:The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead.

(emphasis theirs)

Stephen

05-14-2010, 05:02 PM
Fixed for next release.
Community Support for OpenDocMan (Deprecated) > OpenDocMan Community Discussion > OpenDocMan Feature Requests > Usage of MySQL's PASSWORD function in OpenDocMan