PHPBuilder.com has a new article by Hillel Aftel about his method of choice for securing the data that you send over the GET string when moving things around on your site.

In this article I'm going to show you how you can use PHP to encode your data for transit. Most importantly, it will be done in a way that makes the data decodable, and therefore much more usable, by the receiving page.

His encryption method - sending everything in a single string and modifying the scheme each time - uses static pairs of values (of your choosing) to "encode" the outgoing string. It actually consists of three different files: the script itself, a single-use script that makes the third file, an include file to handle the conversion back from the encoded results.

Richard Lord has posted a new entry today talking about working with passwords and keeping them secure:

If you build websites that require users to register it's your responsibility to keep their passwords safe. And if you're storing the passwords in plain text then you're not doing your job properly. [...] There's always a chance your database could be stolen. So, the simple rule is to hash your passwords.

His post talks about hashing with simple examples and a mention of an additional method of protection against the database of hashed passwords being stolen - salting the stored values.