For best practices-sake, if the user forgets their password, you should
only be able to generate a new one and email it out, and let the user
change it to something else.
-w
At 10:46 PM 1/4/2004, you wrote:
>Cameron Childress wrote:
> >
> > Phew, that was a long answer....
>
>Yes, and very useful as are the other responses. That's what I was
>looking for.
>
>I already have the random, strong password generation part down. I
>wasn't going to hash the password because the web app info really
>isn't terribly private or valuable, but now I see why hashing is still
>a "good thing."
>
>And if I understand it correctly, you can't un-hash a stored variable
>to read it, but can only compare a hashed Form.Password variable
>against what's stored in the db. Is that right?
>
>Finally, are there any MS Access issues with hashing?
>
>Thanks again.
>
>-------------
>Regards,
>Bob Haroche
>O n P o i n t S o l u t i o n s
>www.OnPointSolutions.com
>
>----------
>[
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
