Don't save an encrypted password -- save a hash of the password and when you
want to validate it, has the password the user gave you and compare the
hash's -- this way it doesn't matter if you get hacked, no-one can get your
passwords.
Clayton
----- Original Message -----
From: "Bryan LaPlante" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, July 15, 2001 8:29 PM
Subject: data encryption
> What is everyone using for saving encrypted passwords to a database. I was
> looking at Java.Security and thought that maybe public abstract class
> Signature might offer some solutions for doing this.
>
> Thought?
>
> Bryan LaPlante
> 816-347-8220
> [EMAIL PROTECTED]
> http://www.netwebapps.com
> Web Development
>
>
===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST".
> For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
DIGEST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
