Yaaa thats what we did in one project. no other solution as client already had a large data and the application has used MD5 so we had no other option.
But for other client where we had built the application from scratch wanted this facility so here we used Cryptography. We tried to convince him a lot regarding security issue but he never listened to us. In a way he was right as their business process was like that only and we were asking him to change his business process slightly on which he said no. -----Original Message----- From: Clayton Nash [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 04, 2002 4:53 PM To: [EMAIL PROTECTED] Subject: Re: Password encryption We've seen this problem as well -- in this case we simply create a new password for the user and ask them to change it first time they log on. Clayton -----Original Message----- From: A mailing list about Java Server Pages specification and reference [mailto:[EMAIL PROTECTED]] On Behalf Of Bhushan_Bhangale Sent: 04 July 2002 11:29 To: [EMAIL PROTECTED] Subject: Re: Password encryption This is also fine but there comes situations where we need to send the password to the user. I faced this situation with my client and we had to move from Md5 algo to Cryptography. -----Original Message----- From: Clayton Nash [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 04, 2002 3:50 PM To: [EMAIL PROTECTED] Subject: Re: Password encryption Both of these replies are good, but what you really want to do is MD5 or SHA encode the password and store the hashed result. Then when the user enters their password, you apply the same algorithm to that, and compare the results. Advantage is that you never store the user's password so even if someone get's the list of passwords, they can't decode them -- in theory no-one ever can. Clayton ========================= To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com =========================================================================== To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com ==========================================================================To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com