- For all password storage, use bcrypt. Don’t use salted MD5, and definitely don’t use plain text. Also, don’t email users their passwords. The crypt() function in PHP actually has the Blowfish (bcrypt) algorithm built in for versions >5.3.0, though you may want to set up the system libraries yourself, to allow for updates.
- I recently invested in some IZZE sparkling juice. It’s pretty much carbonated juice cocktails. There are a few flavors and I’ve tried the Pomegranate, Clementine, and Grapefruit. Cranberry’s cranberry, Clementine is ok, Pomegranate could taste more like pomegranate, but is still good, and Grapefruit is probably the best. Grapefruit’s a little too sweet, so I like to add some tonic water. For drinkers, these would probably be great mixers. I get mine on Amazon, where they go on sale every once in a while for like $15 for 24.
- Speaking of security and carbonated things, you’ve got to check out Burp Suite. It is an amazing application for security testing web applications. It automatically fuzzes apps. For the click-lazy, fuzzing is just providing wildly invalid data where only a computer could think to put it. As soon as I develop something security-sensitive, y’all know I’m buying this.
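
For the bcrypt advice in the first item, here is a sketch of storing and checking passwords with crypt(). It is an added example, not code from this post; the function names, the cost of 12 and the sample password are assumptions, and it targets PHP 7+ for random_bytes().

```php
<?php
// Added example, not the post's code. Assumes PHP 7+ for random_bytes().
const BCRYPT_COST = 12; // assumed work factor; raise it as hardware allows

// Build a crypt() salt string that selects bcrypt: $2y$<cost>$<22 salt chars>
function bcrypt_salt(int $cost = BCRYPT_COST): string
{
    // 16 random bytes encode to 22 base64 chars; bcrypt uses '.' where base64 uses '+'.
    $chars = substr(base64_encode(random_bytes(16)), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, strtr($chars, '+', '.'));
}

function hash_password(string $password): string
{
    // Note: bcrypt only reads the first 72 bytes of the password.
    $hash = crypt($password, bcrypt_salt());
    // On failure crypt() returns a short marker such as "*0", never a 60-char hash.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

function verify_password(string $password, string $stored): bool
{
    // Using the stored hash as the salt argument reuses its cost and salt.
    $candidate = crypt($password, $stored);
    // hash_equals() compares in constant time.
    return strlen($candidate) === 60 && hash_equals($stored, $candidate);
}

function needs_rehash(string $stored, int $cost = BCRYPT_COST): bool
{
    // True for non-bcrypt hashes (e.g. legacy salted MD5) or a lower cost.
    return !preg_match('/^\$2y\$(\d{2})\$/', $stored, $m) || (int) $m[1] < $cost;
}

// Constructed sample input.
$stored = hash_password('correct horse battery staple');
var_dump(verify_password('correct horse battery staple', $stored));
var_dump(verify_password('wrong guess', $stored));
var_dump(needs_rehash($stored));
```

On PHP 5.5 and later, password_hash() and password_verify() wrap the same bcrypt scheme and handle the salt for you.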