On Wed, Jan 13, 2010 at 1:31 PM, MB Software Solutions, LLC
<[email protected]> wrote:
> Obviously storing passwords in plain text is stupid.  Storing them
> encrypted is good, but didn't someone say that storing the checksum or
> hash value is best?  Searching the ProFox archives...
--------------------------

Whatever you store you need to separate that value from the key used
to generate it.

Your key could be the ID of a table that is joined.

Users & UserGroups are frequent tables for storing user data.  I add in
a third table that is not at all named properly for security.
OldBills could be a name.

I join Users to OldBills and from OldBills I pull the key value that I
pass to the decrypting method.

This was a mandate for CC security on stored data demanded by merchant
banks in 2006 and I have followed it since.  Oh yeah, you cannot put
the column UserID in OldBills ;->

-- 
Stephen Russell
Sr. Production Systems Programmer
SQL Server DBA
Web and Winform Development
Independent Contractor
Memphis TN

901.246-0159
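
The table layout described in the message above, as an added example that is not part of the original post: key material sits in OldBills, which has no UserID column, and is reached only by joining from Users. The columns BillRef, KeyValue and Secret, the SQLite backend and all sample rows are assumptions made for illustration; the decrypting method itself is outside the example.

```python
import sqlite3

# Constructed schema: BillRef, KeyValue and Secret are hypothetical column
# names; the post only names the tables Users, UserGroups and OldBills.
SCHEMA = """
CREATE TABLE OldBills (
    BillID   INTEGER PRIMARY KEY,
    KeyValue BLOB NOT NULL            -- key material, no UserID column here
);
CREATE TABLE Users (
    UserID   INTEGER PRIMARY KEY,
    UserName TEXT NOT NULL,
    Secret   BLOB NOT NULL,           -- the stored (encrypted) value
    BillRef  INTEGER NOT NULL REFERENCES OldBills(BillID)
);
"""

def build_db():
    """In-memory database filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO OldBills VALUES (?, ?)",
                     [(7001, b"constructed-key-A"), (7002, b"constructed-key-B")])
    conn.executemany("INSERT INTO Users VALUES (?, ?, ?, ?)",
                     [(1, "alice", b"<ciphertext-1>", 7002),
                      (2, "bob", b"<ciphertext-2>", 7001)])
    return conn

def key_and_secret(conn, user_id):
    """Join Users to OldBills; return (key, stored value), or None if no such user."""
    return conn.execute(
        "SELECT b.KeyValue, u.Secret FROM Users u "
        "JOIN OldBills b ON b.BillID = u.BillRef WHERE u.UserID = ?",
        (user_id,)).fetchone()

def key_table_columns(conn, table="OldBills"):
    """Column names of the key table, read from the SQLite catalog."""
    return [row[1] for row in conn.execute(f"PRAGMA table_info({table})")]

def schema_ok(conn):
    """True when the key table carries no UserID column."""
    return "userid" not in {c.lower() for c in key_table_columns(conn)}

if __name__ == "__main__":
    db = build_db()
    print(key_and_secret(db, 1), schema_ok(db))
```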
