This is also fine but there comes situations where we need to send the password to the user. I faced this situation with my client and we had to move from Md5 algo to Cryptography.
-----Original Message----- From: Clayton Nash [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 04, 2002 3:50 PM To: [EMAIL PROTECTED] Subject: Re: Password encryption Both of these replies are good, but what you really want to do is MD5 or SHA encode the password and store the hashed result. Then when the user enters their password, you apply the same algorithm to that, and compare the results. Advantage is that you never store the user's password so even if someone get's the list of passwords, they can't decode them -- in theory no-one ever can. Clayton ==========================================================================To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com
