[S5 Slides] Security in Web Applications

Zipped source code: <a href="http://6.470.scripts.mit.edu/lectures/security/security_in_webapps_slides.zip" rel="nofollow">http://6.470.scripts.mit.edu/lectures/security/security_in_w...</a><p>Live source code: <a href="http://github.com/costan/security_in_webapps_slides" rel="nofollow">http://github.com/costan/security_in_webapps_slides</a>

1) Don't use anything fast (like md5) to hash your passwords. Use many-rounds of md5 or sha-1, or use something specifically designed for password hashing like eksblowfish<p>2) Don't escape your SQL, use parameterized queries

How good is md5 plus a 4-character (digits, actually, in the slides) salt?