[fpc-pascal] howto store passwords
Ralf Quint
freedos.la at gmail.com
Mon Nov 2 05:29:29 CET 2015
On 11/1/2015 7:50 PM, Anthony Walter wrote:
> Ideally you shouldn't store passwords at all. You store the hash to
> the password. In this way, someone at your business, or someone with
> access to your business, or if someone mistakenly installs some
> malicious software, your users' passwords can never be retrieved.
>
> When someone logs into your software/site they send their password.
> Your server then converts that password to a hash and compares it to a
> hash associated with their account, and the password then goes away.
> No one can steal your customer password list since they are never
> stored and thus cannot be compromised.
>
The downside of that approach however is that this opens up the
possibility to create a matching hash on "inappropriate" passwords (too
short, easy to look up/guess) and hence get access...
Ralf
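
The scheme discussed in this thread, as an added example that is not part of either message: the server keeps only a salted, deliberately slow hash and refuses the short or easily looked-up passwords the reply warns about. PBKDF2-HMAC-SHA256 is this example's choice (the thread names no algorithm), and `MIN_LENGTH`, `ITERATIONS`, the `COMMON` list and the function names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor; makes each guess expensive
MIN_LENGTH = 12        # assumed policy threshold
# Constructed sample of easily guessed passwords; a deployment would load a large list.
COMMON = {"password", "123456", "qwerty", "letmein", "password1234"}


def acceptable(password: str) -> bool:
    """Reject passwords that are too short or appear in the common list."""
    return len(password) >= MIN_LENGTH and password.lower() not in COMMON


def make_record(password: str) -> dict:
    """Build what the server stores: salt, iteration count and hash, never the password."""
    if not acceptable(password):
        raise ValueError("password too short or too common")
    salt = os.urandom(16)  # per-user random salt, so equal passwords give different hashes
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute the hash from the submitted password and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["hash"])


if __name__ == "__main__":
    rec_a = make_record("correct horse battery staple")
    rec_b = make_record("correct horse battery staple")
    print("login ok:", verify("correct horse battery staple", rec_a))
    print("wrong password ok:", verify("correct horse battery stable", rec_a))
    print("same password, same stored hash:", rec_a["hash"] == rec_b["hash"])
    print("'Password1234' accepted:", acceptable("Password1234"))
```
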