Henrik Schak Hansen wrote:
>
> Regarding storing the key:
> I have username/passwords in a database which doesn't offer an encryption
> function, so I encrypt the password using perl, but the key is stored in a
> text file, so if anybody gets access to the server they would be able to
> retrieve all the passwords. (btw I'm running windows)
> Any suggestions on how to do this better?

Do a one-way encryption with the crypt builtin, and then if they forget their password, set it to a known value for them and let them change it from a form input. That should be the safest method. I never store raw user passwords.
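
The flow described in the reply above, as an added example that is not part of the original thread: store only the `crypt` output, verify by re-hashing, and handle a forgotten password by setting a temporary value that must be changed. The `%users` hash (a stand-in for the database table), the sub names and the sample passwords are assumptions; what `crypt` computes depends on the platform's implementation, and traditional DES-based `crypt` uses only the first eight characters of the password.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my %users;    # constructed stand-in for the username/password table
my @SALT_CHARS = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '.', '/');

# Two-character salt for traditional crypt(). rand() is not a CSPRNG;
# here it only has to make salts differ between accounts.
sub make_salt { join '', map { $SALT_CHARS[ int rand @SALT_CHARS ] } 1 .. 2 }

# Store the one-way hash only; the plaintext is never written anywhere.
sub set_password {
    my ($user, $plain, $must_change) = @_;
    my $hash = crypt($plain, make_salt());
    die "crypt() rejected the salt on this platform\n"
        unless defined $hash && $hash !~ /^\*/;
    $users{$user} = { hash => $hash, must_change => $must_change ? 1 : 0 };
}

# Verify by hashing the candidate with the stored hash as the salt argument.
sub check_password {
    my ($user, $plain) = @_;
    my $rec = $users{$user} or return 0;
    my $got = crypt($plain, $rec->{hash});
    return (defined $got && $got eq $rec->{hash}) ? 1 : 0;
}

# Forgotten password: nothing can be decrypted, so an administrator sets a
# known temporary value and the account is flagged until it is changed.
sub reset_password {
    my ($user, $temp) = @_;
    set_password($user, $temp, 1);
}

# Form handler logic: require the current (or temporary) password first.
sub change_password {
    my ($user, $old, $new) = @_;
    return 0 unless check_password($user, $old);
    set_password($user, $new, 0);
    return 1;
}

# Constructed walk-through of the flow.
set_password('alice', 'constructed-pass-1', 0);
print "login ok\n"       if check_password('alice', 'constructed-pass-1');
print "wrong rejected\n" unless check_password('alice', 'guess');
reset_password('alice', 'Temp-4821');
print "must change\n"    if $users{alice}{must_change};
print "changed\n"        if change_password('alice', 'Temp-4821', 'new-pass-2');
print "stored: $users{alice}{hash}\n";
```

With this layout there is no key file on the server to protect, because nothing stored can be turned back into a password.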
