Yaaa, that's what we did in one project. No other solution, as the client already had a large 
amount of data and the application had used MD5, so we had no other option.

But another client, for whom we had built the application from scratch, wanted this 
facility, so here we used Cryptography. We tried a lot to convince him regarding the 
security issue but he never listened to us. In a way he was right, as their business 
process was like that only and we were asking him to change his business process 
slightly, to which he said no.

-----Original Message-----
From: Clayton Nash [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 04, 2002 4:53 PM
To: [EMAIL PROTECTED]
Subject: Re: Password encryption


We've seen this problem as well -- in this case we simply create a new
password for the user and ask them to change it first time they log on.

Clayton

-----Original Message-----
From: A mailing list about Java Server Pages specification and reference
[mailto:[EMAIL PROTECTED]] On Behalf Of Bhushan_Bhangale
Sent: 04 July 2002 11:29
To: [EMAIL PROTECTED]
Subject: Re: Password encryption


This is also fine but there come situations where we need to send the
password to the user. I faced this situation with my client and we had
to move from the MD5 algo to Cryptography.

-----Original Message-----
From: Clayton Nash [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 04, 2002 3:50 PM
To: [EMAIL PROTECTED]
Subject: Re: Password encryption


Both of these replies are good, but what you really want to do is MD5 or
SHA encode the password and store the hashed result. Then when the user
enters their password, you apply the same algorithm to that, and compare
the results. Advantage is that you never store the user's password so
even if someone gets the list of passwords, they can't decode them --
in theory no-one ever can.

Clayton

=========================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set
JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found
at:

 http://archives.java.sun.com/jsp-interest.html
 http://java.sun.com/products/jsp/faq.html
 http://www.esperanto.org.nz/jsp/jspfaq.jsp
 http://www.jguru.com/faq/index.jsp
 http://www.jspinsider.com
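
The store-a-hash-and-compare scheme and the issue-a-new-password reset discussed in the thread above, as an added Java example that is not from any of the posters. It swaps the plain MD5/SHA digest for salted PBKDF2 (PBKDF2WithHmacSHA256); the class name PasswordStore, the Record type, the sample password and the iteration count are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical class for illustration; not code from the thread.
public class PasswordStore {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int ITERATIONS = 210_000; // assumed work factor

    // What gets stored per user: salt and derived hash, never the password.
    static final class Record {
        final byte[] salt, hash;
        final boolean mustChange; // force a change at next logon
        Record(byte[] s, byte[] h, boolean m) { salt = s; hash = h; mustChange = m; }
    }

    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    static Record enroll(char[] password, boolean mustChange) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt); // fresh salt per user, so equal passwords hash differently
        return new Record(salt, derive(password, salt), mustChange);
    }

    // Login: re-derive from the attempt and compare in constant time.
    static boolean verify(Record r, char[] attempt) throws Exception {
        return MessageDigest.isEqual(r.hash, derive(attempt, r.salt));
    }

    public static void main(String[] args) throws Exception {
        Record r = enroll("correct horse".toCharArray(), false); // constructed sample
        System.out.println("right password: " + verify(r, "correct horse".toCharArray()));
        System.out.println("wrong password: " + verify(r, "guess".toCharArray()));
        // Forgotten password: the old one cannot be recovered, so replace the record
        // with a random temporary password that must be changed at first logon.
        byte[] raw = new byte[12];
        RNG.nextBytes(raw);
        String temp = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        r = enroll(temp.toCharArray(), true);
        System.out.println("temp accepted, change required: "
                + (verify(r, temp.toCharArray()) && r.mustChange));
    }
}
```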
