Andy and Kim Mills wrote: > I was wondering how you encrypt a password in a database, and how do you > check that encrypted password using a login screen from ASP?
The best way is to use one-way hash algorithms (e.g. MD5). You would hash the password before storing it in your database. When a user tries to log in, you would hash the password entered, and compare the two hashes. (Notice that the security stems from the fact that you cannot unhash it.) This also means that you cannot let users "retrieve lost passwords". All you can do is to assign them a new password if they lost theirs. This is also nice because even the administrator does not know the password which is often used for other sites. -- Regards, Manas. __________________________________________________________________________ Manas Tungare, http://www.manastungare.com/ ------------------------ Yahoo! Groups Sponsor --------------------~--> $9.95 domain names from Yahoo!. Register anything. http://us.click.yahoo.com/J8kdrA/y20IAA/yQLSAA/17folB/TM --------------------------------------------------------------------~-> --------------------------------------------------------------------- Home : http://groups.yahoo.com/group/active-server-pages --------------------------------------------------------------------- Post : [EMAIL PROTECTED] Subscribe : [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] --------------------------------------------------------------------- Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/active-server-pages/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
