On Dec 10, 2012, at 3:40 PM, "MB Software Solutions, LLC" 
<[email protected]> wrote:

> Ok...not storing the actual password value but a salted HASH value instead.  
> Question here:  store field in same table as userid or separate for possible 
> increased security?

        Generally, best practice is to have a separate table containing just 
the hash values, with no link to the user. The user table contains each user's 
salt value. When the user submits their password, hash it with their salt, and 
if the value is somewhere in the table of hash values, it is a match. The odds 
of anything else hashed with their unique salt matching another hash value are 
infinitesimal.

        Read item #8 here: 
http://www.realsoftwareblog.com/2012/12/10-tips-to-improve-password-security.html

( -or- http://j.mp/RZdcnU )


-- Ed Leafe
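
The layout described in the message above, as an added example; it is not code from the post or from the list. The table names, the use of PBKDF2-HMAC-SHA256 with 200,000 iterations, the 16-byte salt and the function names are assumptions made for illustration.

```python
import hashlib
import os
import sqlite3

ITERATIONS = 200_000  # assumption: PBKDF2 work factor, not taken from the post

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid TEXT PRIMARY KEY, salt BLOB NOT NULL)")
    # No userid column here: a dumped row cannot be tied back to an account.
    db.execute("CREATE TABLE pw_hashes (hash BLOB PRIMARY KEY)")
    return db

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def _salt_for(db, userid):
    row = db.execute("SELECT salt FROM users WHERE userid = ?", (userid,)).fetchone()
    return row[0] if row else None

def register(db, userid, password):
    salt = os.urandom(16)  # unique per-user salt
    with db:  # both inserts commit together
        db.execute("INSERT INTO users VALUES (?, ?)", (userid, salt))
        db.execute("INSERT INTO pw_hashes VALUES (?)", (_digest(password, salt),))

def verify(db, userid, password):
    salt = _salt_for(db, userid)
    if salt is None:
        return False
    # A match is membership in the hash table, not a per-user row lookup.
    row = db.execute("SELECT 1 FROM pw_hashes WHERE hash = ?",
                     (_digest(password, salt),)).fetchone()
    return row is not None

def change_password(db, userid, old, new):
    if not verify(db, userid, old):
        return False
    old_salt, new_salt = _salt_for(db, userid), os.urandom(16)
    with db:
        # The old row can only be found by recomputing it from the old password;
        # otherwise it is orphaned forever (and stays valid if the salt is reused).
        db.execute("DELETE FROM pw_hashes WHERE hash = ?", (_digest(old, old_salt),))
        db.execute("UPDATE users SET salt = ? WHERE userid = ?", (new_salt, userid))
        db.execute("INSERT INTO pw_hashes VALUES (?)", (_digest(new, new_salt),))
    return True
```

Because no row in `pw_hashes` names its owner, an administrative reset or account deletion cannot remove the old hash without the old password, so those paths need a plan for orphaned rows.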



