On Fri, 2002-11-22 at 01:05, RXZ JLo wrote: > I want to introduce the concept of users in my web > application. I want to know how to store passwords > securily on the server side. How do people deal with > passwords usually? Any documentation/guides on this > would also do.
It all depends on what kind of access you are trying to protect. If this is a low-security thing, it might be useful to be able to mail users their passwords if they forget them. In that case you would store them in plain text. If it's higher security, you might store them as a SHA1 hash, so that if they lose a password, they have to have a new one generated. If it's even higher security, maybe you shouldn't be using passwords at all. As in ALL areas related to security, how you do it depends on the value of what you are trying to protect. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
