On Wed, 18 Oct 2000, Rob Keniger spake thusly:
> on 10/18/00 8:03 PM, Neil Clark at [EMAIL PROTECTED] wrote:
>
> > Not sure what you mean - there is a unique key for every user... Also how
> > are you giving *every user* access to the DB? Are you talking about when the
> > user is at the machine or via the web?
>
> *IF* your site is hacked and someone gets full access to the database, if
> you store the key as well as the encrypted password then all the user
> passwords are there for the taking. If you encrypt them with a one-way hash
> instead the passwords are still secure and cannot be decrypted even to a
> user with full access.
>
> Mind you, this probably doesn't matter because if someone gets access to the
> database they probably wouldn't care about the user passwords anyway.
That's why we are setting up a 'password' server separate from all our hosting
servers, that will only store hashed passwords...
>
> --
>
> Rob Keniger
>
> big bang solutions
>
> <mailto:[EMAIL PROTECTED]>
> <http://www.bigbang.net.au>
>
>
>------------------------------------------------------------------------------------------------
> Archives: http://www.mail-archive.com/[email protected]/
> Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message
>with 'unsubscribe' in the body to [EMAIL PROTECTED]
--
#include <disclaimer.h>
***********************************************
Jon Tillman
LINUX USER: #141163
ICQ: 4015362
http://www.eruditum.org
[EMAIL PROTECTED]
JAPH
***********************************************
Be alert, the world needs more lerts
***********************************************
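The contrast Rob draws above, as an added example that is not part of this thread: a password stored with a reversible cipher whose key sits in the same database can be read back by anyone holding the dump, while a salted one-way hash can only be verified, never reversed. The toy XOR stream cipher, PBKDF2 parameters and sample values are constructed for illustration.

```python
import hashlib
import hmac
import os


def _xor_with_keystream(data: bytes, key: bytes) -> bytes:
    # Constructed toy stream cipher: keystream blocks are HMAC-SHA256(key, counter).
    # It stands in for any reversible cipher; the weakness discussed in the thread
    # is the key living in the same database as the ciphertext, not the cipher.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def reversible_store(password: str, key: bytes) -> bytes:
    # What the thread warns against: the ciphertext and this key end up in one table.
    return _xor_with_keystream(password.encode(), key)


def reversible_recover(ciphertext: bytes, key: bytes) -> str:
    # Decryption is the same XOR: whoever dumps the table, key column included,
    # gets every user's plaintext password back with one call.
    return _xor_with_keystream(ciphertext, key).decode()


def hashed_store(password: str, salt=None, iterations: int = 100_000) -> dict:
    # One-way: a per-user random salt plus PBKDF2-HMAC-SHA256. Nothing in the
    # stored record lets the plaintext be computed back from the digest.
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def hashed_verify(password: str, record: dict) -> bool:
    # The only operation a hash supports: recompute for a candidate and compare
    # in constant time. There is no hashed_recover counterpart to write.
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])
```

With a full database dump the reversible row yields the plaintext immediately, whereas the hashed row only lets an attacker test guesses one at a time at PBKDF2 cost.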