On Tue, Dec 22, 2009 at 3:54 PM, Sam <[email protected]> wrote:
> Another question is this. How do most apps handle having separate users and
> passwords or is this just the same deal with encryption?

No. Or it shouldn't be. Passwords should be stored using *one*-way encryption like message digests (MD5), i.e. the user sets up their password, you encrypt it, and store the result. When they come back to use the password, you take it, encrypt it, and see if it matches what you stored earlier.

When you have lots of users, 'salt' is usually added in this procedure (effectively a different pre/suffix for each user which is also stored in the database). Should be enough there to google for.

Incidentally, any web service that can email you your (forgotten) password (as opposed to a link to reset it) isn't doing the above. They have, somewhere, a list of user IDs and plaintext passwords available.

-- 
PJH

http://shabbleland.myminicity.com/
http://www.chavgangs.com/register.php?referer=9375
http://www.kongregate.com/?referrer=Shabble
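
The store-and-compare procedure with a per-user salt described in the reply above, as an added example that is not part of the original message. It uses PBKDF2-HMAC-SHA256 from Python's standard library in place of the MD5 digest the message names; the in-memory `USERS` table, the function names and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor for this example; tune per deployment
SALT_BYTES = 16

# Constructed stand-in for the users table: username -> stored record.
# Only the salt, the work factor and the digest are kept, never the password.
USERS = {}


def _digest(password: str, salt: bytes, iterations: int) -> bytes:
    """One-way derivation of the stored value from password and salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register(username: str, password: str) -> None:
    """User sets up a password: pick a fresh random salt, store salt + digest."""
    salt = os.urandom(SALT_BYTES)
    USERS[username] = {
        "salt": salt,
        "iterations": ITERATIONS,
        "digest": _digest(password, salt, ITERATIONS),
    }


def verify(username: str, password: str) -> bool:
    """User comes back: redo the derivation with the stored salt and compare."""
    record = USERS.get(username)
    if record is None:
        # Unknown user: do the same work anyway so response time does not
        # reveal which usernames exist.
        _digest(password, b"\x00" * SALT_BYTES, ITERATIONS)
        return False
    candidate = _digest(password, record["salt"], record["iterations"])
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(candidate, record["digest"])


if __name__ == "__main__":
    register("alice", "correct horse")   # constructed sample credentials
    register("bob", "correct horse")
    print(verify("alice", "correct horse"), verify("alice", "wrong"))
    # Same password, different salts, so the stored digests differ.
    print(USERS["alice"]["digest"] != USERS["bob"]["digest"])
```

Because the table holds only salts and digests, the service has nothing it could email back to a user; a forgotten password can only be reset.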
