On Apr 23, 2014, at 2:41 PM, [email protected] wrote:
> And how do you handle getting rid of prior access when the user updates his > password? You don't want his old password to work. You would generate a new salt when they update their password, and save that salt with the user. If they submit their old password, the new salt will result in an invalid hash. -- Ed Leafe --- StripMime Report -- processed MIME parts --- multipart/signed text/plain (text body -- kept) application/pgp-signature --- _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
