On 12/10/2012 9:55 PM, Stephen Russell wrote:
If the salted PW results are in a table with NO KEY to the user. Any good password inbound will be salted and that result is found in the table. If part of the salt is in the user row, its PK or part of it if a GUID, or another column then it is exposed. Or any good password will work because there is no tie back to the user.
Hence the reason you'd want some tie back to the user I guess? -- Mike Babcock, MCP MB Software Solutions, LLC President, Chief Software Architect http://mbsoftwaresolutions.com http://fabmate.com http://twitter.com/mbabcock16 _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
