Well, mySQL translates bool as a byte field anyway, so you're adding a byte to each record - but who cares? Even with a million users, that's only one MB additional, and disk space is cheap. I know it bothers some people's delicate sensibilities, but I feel this is a bad argument for putting authentication in a whole separate table.

Am I correct that the MD5 hashes are only crackable if you can get your hands on a sample of the database contents, and can figure out what items are going into the hash? If so, it doesn't really matter much that MD5 is crackable, since if your database is open to intruders, your site is probably already doomed. All the intruder has to do is rewrite your login page to save user names and passwords to a file, or send fake authentication emails to people, or a wide variety of other methods.

Yes, long URLs can be a problem, and I suppose you could save the timestamp in the database and send only a user ID and hex hash key. I don't think injection is a major likelihood though if you only access the record based on user ID, and untaint that before passing it to the database. The only variable you're sending the database is an integer, which is easily verified.

In reply to Re: Easy Account Email Verification by TedPride
in thread Easy Account Email Verification by debiandude

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.