I don't know. Probably against some attempts to break the security. Is this secure enough? The passwords are stored in a hex format after md5hash conversion.
Regards, Martin -----Original Message----- From: Thomas Kappler [mailto:[email protected]] Sent: Wednesday, February 03, 2010 6:28 PM To: [email protected] Subject: Re: webapp authentication On 02/03/10 17:20, Martin Asenov wrote: > I need only to authenticate users when they attempt to login. > > Not just call something like this: > > User user = MyUtilities.getUserByCredentials(name, password); > > if (user == null) return false; > else ...do further processing > > I want something more secure than this. What security problems do you see here? Either the database can authenticate this user/password combination, or it can't. -- Thomas -- ------------------------------------------------------------------- Thomas Kappler [email protected] Swiss Institute of Bioinformatics Tel: +41 22 379 51 89 CMU, rue Michel Servet 1 1211 Geneve 4 Switzerland http://www.uniprot.org ------------------------------------------------------------------- --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
