I'm storing some passwords in a database using PHP+MySQL
我使用PHP+MySQL在数据库中存储一些密码。
I realise that MD5 is not a secure method to store passwords, but for now I'm using it mainly to ensure that regardless of the length of the password, it can be stored in the database easily.
我意识到MD5不是存储密码的安全方法,但现在我主要是使用它来确保不管密码的长度如何,它都可以很容易地存储在数据库中。
For that I'm hashing the password using PHP and storing it in the database.
为此,我使用PHP哈希密码并将其存储在数据库中。
Is there any practical limit on the length of a password I can store using this manner?
使用这种方式存储密码的长度是否有实际限制?
(security is not of importance here, I am using the hashing only for convenience)
(这里的安全并不重要,我只是为了方便而使用哈希)
1 个解决方案
#1
4
No, you do not have to limit the length. PHP already contains some safety checks on the maximum request size to avoid malicious users from filling up your memory.
不,你不必限制长度。PHP已经包含了一些关于最大请求大小的安全检查,以避免恶意用户填充您的内存。
But as you mentioned: MD5 is NOT ACCEPTABLE to hash passwords. Neither is any other hashing algorithm unless you use it with a salt!
但是正如您提到的:MD5不能接受哈希密码。任何其他的散列算法都不是,除非你用盐!
#1
4
No, you do not have to limit the length. PHP already contains some safety checks on the maximum request size to avoid malicious users from filling up your memory.
不,你不必限制长度。PHP已经包含了一些关于最大请求大小的安全检查,以避免恶意用户填充您的内存。
But as you mentioned: MD5 is NOT ACCEPTABLE to hash passwords. Neither is any other hashing algorithm unless you use it with a salt!
但是正如您提到的:MD5不能接受哈希密码。任何其他的散列算法都不是,除非你用盐!