[fpc-pascal] howto store passwords

Ralf Quint freedos.la at gmail.com
Mon Nov 2 05:29:29 CET 2015

On 11/1/2015 7:50 PM, Anthony Walter wrote:
> Ideally you shouldn't store passwords at all. You store the hash to 
> the password. In this way, someone at your business, or someone with 
> access to your business, or if someone mistakenly installs some 
> malicious software, your users passwords can never be retrieved.
> When someone logs into your software/site they send their password. 
> Your server then converts that password to a hash and compares it to a 
> hash associated with their account, and the password then goes away. 
> No one can steal your customer password list since they are never 
> stored and thus cannot be compromised.
The downside of that approach however is that it this opens up the 
possibility to create a matching hash on "inappropriate" passwords (too 
short, easy to look up/guess) and hence get access...


This email has been checked for viruses by Avast antivirus software.

More information about the fpc-pascal mailing list