Re: [PHPLIB-DEV] Incompatible change to active_sessions and auth_user From: Adam N. Thompson, MCNE, MCSE (athompso <email protected>)
Date: 11/08/99

Massimiliano Masserelli wrote:
> And, please, since we're breaking compatibility, could we name the fields
> in the db with a "safe" prefix (like I did for active_sessions_split
> and blob_sql)? Something like php_sid, php_name, etc...

Yes! Oh Yes! Ohhhh... I'm going to faint... :-)

This would be a REALLY good idea. I've already had developers
accidentally munge data because of namespace overlaps. (Don't ask me
how they managed to do it, they just did.)

KK: commit what you've got, (to a separate branch if need be) and I'll
fix the column names using /bin/ed if I have to...

> Apart from that, I like the proposed changes, expecially those related to
> auth_user. Maybe we should force the usage of encrypted pwds in the db,
> I'm not quite sure about it, but maybe it could be a GOOD THING(tm).

Are you referring to the enforcing the use of auth_md5 ? If it worked
universally, I would agree with you, but it still does not work
everywhere. OTOH, doing a one-way (or even two-way) crypt() into the
database and evaluating it the same way, say, a unix password gets
checked, would be a Good Thing. I think auth_md5 is supposed to work
this way transparently - in which case I'm OK with this in concept.

I need to find out why the md5 thing isn't working for me, though,
before I get completely happy about it. Which is really a separate
issue. Is anyone else having problems with it?

-Adam 

-- 
-Adam Thompson, MCNE, MCSE, CWT, A+
 Vice-President / Chief Technology Officer
 Commerce Design Inc.
 athompso <email protected> 
 tel: (204) 942-1648
 fax: (204) 989-8080

- PHPLIB Developers Mailing List. Send messages to <phplib-dev <email protected>>. To unsubscribe, send "unsubscribe" to <phplib-dev-request <email protected>> in the body, not the subject, of your message.