Search the Community
Showing results for tags 'hash'.
BACKGROUND: I was recently introduced to the idea of using a hash as a means to transfer information in lieu of a query string in an HTTP request. Having thought that I understood the idea I was then introduced to the following query string: https://www.example.com/index.php ?module=CoreHome &action=index &idSite=1 &period=day &date=yesterday #?idSite=1 &period=day &date=yesterday &category=Dashboard_Dashboard &subcategory=1 I do not understand the user the expression ... #? ... From the point of view of parsing an HTTP request are the following two hash expressions treated the same? 1) https://www.example.com/index.php#blahblahblah 2) https://www.example.com/index.php?some_query_string#blahblahblah Accept for the order of parsing do items 2) and 3) achieve the same task? 3) https://www.example.com/index.php#blahblahblah?some_query_string Roddy ps: In which forum to questions about HTTP requests belong anyway?
Before I begin, I tried to do some research about this subject (the Search field seems its broken and through google was a little bit painful) in the forum, so I'd like to apologise if I'm repeating it once again. I have read some articles about hashing passwords saying that md5 and sha1 are no longer safe and should use better hashing algorithms, how to hash passwords properly by avoiding double hashing, hashing with different algorithms etc etc, so I 've come up with some questions/spots that I haven't cleared them out completely. 1. Doing just this is consinder no safe, although md5 and sha1 cannot be reversed: $password=md5('my_sercretpassword123'); //for instance my password is my_sercretpassword123 although its a bad practice$password=sha1('my_sercretpassword123'); My first question is If I use one of these, using a salt isn't consider safe? eg: $password= 'my_sercretpassword123';$salt = 'lorem_ipsumd0l0rs1t@m3tc0ns3ct3tur@d1p1sc1ng3lit';$password = md5($password.$hash); //same with sha1 If anyone manages to crack this hash, will get the string 'my_sercretpassword123lorem_ipsumd0l0rs1t@m3tc0ns3ct3tur@d1p1sc1ng3lit', which isn't the actual password, right? 2. Supposing the 1st option note is not approved, then I guess I have use a better hashing algorithm like whirlpool or sha256, sha512 ect etc. So If I apply the same functionality like this: $password= 'my_sercretp@ssword123';$salt = 'lorem_ipsumd0l0rs1t@m3tc0ns3ct3tur@d1p1sc1ng3lit';$hashed_password = $password.$hash;$hashed_password = hash('whirlpool',$hashed_password); is it safe enough or I have better come with something more difficult?? I tried to google for some tutorials on this, just to get some ideas, but most of them, if not all, use plain md5 or sha1. Could you give me some examples or ideas on that?