Re: Alternatives to storing a user's password in your database

Author: MB Software Solutions, LLC

Posted: 2011-12-20 at 17:25:44

On 12/20/2011 5:16 PM, Ed Leafe wrote:

> You should never store passwords. Instead, you should store a hash of the password. When the user logs in, you hash the supplied password and compare it to the stored hash. If they match, the password was valid.

That's what I'm attempting to do....but with a checksum. So I should

use the HASH() function instead and store the 64 byte character string

instead of the 10 digit # generated from the checksum?

--

Mike Babcock, MCP

MB Software Solutions, LLC

President, Chief Software Architect

http://mbsoftwaresolutions.com

http://fabmate.com

http://twitter.com/mbabcock16

_______________________________________________

Post Messages to: ProFox@leafe.com

Subscription Maintenance: http://leafe.com/mailman/listinfo/profox

OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech

Searchable Archive: http://leafe.com/archives/search/profox

This message: http://leafe.com/archives/byMID/profox/4EF10B68.8010509@mbsoftwaresolutions.com

** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.

©2011 MB Software Solutions, LLC