--- In [email protected], Paul Herring <pauljherr...@...> wrote:
>
> On Tue, Dec 22, 2009 at 3:54 PM, Sam <glo...@...> wrote:
>
> > Another question is this. How do most apps handle having separate users and
> > passwords or is this just the same deal with encryption?
>
> No. Or it shouldn't be.
>
> Passwords should be stored using *one* way encryption like message
> digests (MD5.)
> i.e. user sets up their password, you encrypt it, and store the result.
> When they come back to use the password, you take it, encrypt it, and
> see if it matches what you stored earlier.
>
> When you have lots of users, 'salt' is usually added in this procedure
> (effectively a different pre/suffix for each user which is also stored
> in the database.)
>
> Should be enough there to google for.
>
> Incidentally, any web service that can email you your (forgotten)
> password (as opposed to a link to reset it) isn't doing the above.
> They have, somewhere, a list of user IDs and plaintext passwords
> available.
>
> --
> PJH
>
That's perfect, thanks all.
I have loads now to research now that I know how it is meant to work.
G