Hi, I am just working on creating user accounts and would like some advice in regard to the password.

From what I have read, I take it that the best way to deal with passwords is to only save the hashed version of the user's password in the database. Then when the user attempts to log on, we take the password that they entered, hash it, and then compare it to the hashed version in the database. I just have a few questions:

1) Is this the best way to do it?

2) Can anyone advise on the best hashing algorithm to use, or give any advice on this matter? Also, can anyone provide me with a very short piece of code to show me how to hash the password?

3) Seeing as we only have the hashed version of the password, what happens if the user has forgotten their password? Do we have to reset their password to one that we know, get them to log on with it, and then ask them to change their password once they have logged on?

Thanks very much for any help anyone can provide.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:264560

