On Thu, 26 Oct 2006 14:36:41 -0400, louis gonzales wrote: Hi Louis
> What are some best practices on an initial form taking a PW/ID from > a user to login. Right now one method which seems to be really > unsecured, is to take them, check them against the PW/ID stored in How about storing a cyptographic hash - a digest - of the password in the database? A module like Javascript::SHA1 can embed the hashing code in the HTML form, and then you only transmit the digest across the internet (when the form is submitted). This is a large and fascinating topic. -- Cheers Ron Savage, [EMAIL PROTECTED] on 27/10/2006 http://savage.net.au/index.html Let the record show: Microsoft is not an Australian company
