> At server side I use > the usercode to query a password database to retreive the password > and I compute the same hash code. > use LogonUser API from advapi32.dll.
> I don't have a password database. These statements seem contradictory to me, if you can compute the hash from the database, you must be storing it clear (or so it can be decoded) which you can use for the API? If you are worried about storing clear passwords in a database, assuming this is a single server, you could use the Local Security Authority (LSA) protected subsystem of Windows, saved in the registry under the protected key: HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\. This is where Windows stores email, RAS and network passwords, I have some code that supports this as part of my RAS component. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
