> I read some comments the other day on the list about using hash() to
> store passwords in a database and someone sent a link to a microsoft
> document explaining the security benefits to storing passwords that
> way.
Do what Jochem said.
Make sure the salt value *cannot* change or the salt will break your
verification method. I use a UUID, added to the record at insertion
and stuck with it forever.
HtH,
--------------------------------------------
Matt Robertson [EMAIL PROTECTED]
MSB Designs, Inc. http://mysecretbase.com
--------------------------------------------
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
