on 10/18/00 8:03 PM, Neil Clark at [EMAIL PROTECTED] wrote:

> Not sure what you mean - there is a unique key for every user... Also how
> are you giving *every user* access to the DB?  Are you talking about when the
> user is at the machine or via the web?

*IF* your site is hacked and someone gets full access to the database, if
you store the key as well as the encrypted password then all the user
passwords are there for the taking. If you encrypt them with a one-way hash
instead the passwords are still secure and cannot be decrypted even to a
user with full access.

Mind you, this probably doesn't matter because if someone gets access to the
database they probably wouldn't care about the user passwords anyway.

-- 

Rob Keniger

big bang solutions

<mailto:[EMAIL PROTECTED]>
<http://www.bigbang.net.au>
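
The contrast drawn in the message above, as an added example that is not part of the original post: one row stores a per-user key next to a reversibly encrypted password, the other stores a salted one-way hash. The function names, the toy XOR cipher (a stand-in for any two-way encryption) and the choice of PBKDF2-HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _toy_cipher(key: bytes, data: bytes) -> bytes:
    # Stand-in for any reversible cipher (assumption); the same call encrypts and decrypts.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def store_reversible(password: str) -> dict:
    # Row layout the message warns about: the key sits beside the ciphertext.
    key = os.urandom(16)
    return {"key": key, "ciphertext": _toy_cipher(key, password.encode())}

def store_hashed(password: str, iterations: int = 200_000) -> dict:
    # One-way storage: per-user random salt plus an iterated hash, no key anywhere.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify_hashed(row: dict, candidate: str) -> bool:
    # Login check: recompute from the candidate and compare in constant time.
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 row["salt"], row["iterations"])
    return hmac.compare_digest(digest, row["digest"])

def readable_from_row(row: dict):
    # What anyone holding the full table can read back directly from one row.
    if "key" in row and "ciphertext" in row:
        return _toy_cipher(row["key"], row["ciphertext"]).decode()
    return None  # hashed row: nothing stored in it reverses the digest

if __name__ == "__main__":
    sample = "constructed-pass-1"  # constructed sample value
    print("reversible row exposes:", readable_from_row(store_reversible(sample)))
    hashed = store_hashed(sample)
    print("hashed row exposes:", readable_from_row(hashed))
    print("login still works:", verify_hashed(hashed, sample))
```

The salt and iteration count are there because a hashed row can still be tested against guessed passwords; they make each guess slow and per-user.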
