Author: Ed Leafe
Posted: 2011-12-20 at 17:16:05
On Dec 20, 2011, at 4:02 PM, MB Software Solutions, LLC wrote:
> As you might have seen from a previous thread, I was looking at using
> the checksum via SYS(2007) or Craig Boyd's CRC() function (from his
> vfpencryption71.fll) to store the person's password. I've never liked
> saving the actual password in the database.
You should never store passwords. Instead, you should store a hash of the password. When the user logs in, you hash the supplied password and compare it to the stored hash. If they match, the password was valid.
-- Ed Leafe
_______________________________________________
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: http://leafe.com/archives/byMID/profox/C01F0712-DCF5-448E-A37A-433B06B8ABB0@leafe.com
** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.