[fpc-pascal] howto store passwords
sysrpl at gmail.com
Mon Nov 2 04:50:03 CET 2015
Ideally you shouldn't store passwords at all. You store the hash to the
password. In this way, someone at your business, or someone with access to
your business, or if someone mistakenly installs some malicious software,
your users passwords can never be retrieved.
When someone logs into your software/site they send their password. Your
server then converts that password to a hash and compares it to a hash
associated with their account, and the password then goes away. No one can
steal your customer password list since they are never stored and thus
cannot be compromised.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the fpc-pascal