in reply to Ecrypting passwords
As has already been mentioned you can use MD5 for turning your passwords into unrecoverable strings inside your database.
If you do this you read the password from the user, apply the MD5 function and compare the result with that in your database, this is fast, easy and very standard.
However it suffers from two "drawbacks":
- Your users are still sending their passwords in plaintext, unless you're using a secure server and HTTPS.
- You don't have the plaintext password in your database, so you cannot implement a "remind me of my password" function.
The first point may not be a big deal to you, I guess it depends upon the nature of your site.
The second point might be an issue if you have lots of forgetful users. In practise if you include a function for "resetting" your users passwords and mailing them a new one that will probably suffice.
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: Re: Ecrypting passwords
by tilly (Archbishop) on Oct 06, 2003 at 00:51 UTC | |
by waswas-fng (Curate) on Oct 06, 2003 at 04:35 UTC | |
by tilly (Archbishop) on Oct 06, 2003 at 05:18 UTC | |
by Molt (Chaplain) on Oct 06, 2003 at 10:42 UTC | |
by tilly (Archbishop) on Oct 06, 2003 at 14:11 UTC | |
by iburrell (Chaplain) on Oct 06, 2003 at 21:47 UTC | |
by Willard B. Trophy (Hermit) on Oct 06, 2003 at 17:18 UTC | |
by bdonlan (Novice) on Oct 07, 2003 at 22:32 UTC | |
Re: Re: Ecrypting passwords
by crouchingpenguin (Priest) on Oct 06, 2003 at 01:02 UTC | |
by tilly (Archbishop) on Oct 06, 2003 at 01:11 UTC |
In Section
Seekers of Perl Wisdom