Hi, no offense - but I'd NEVER NEVER EVER send the MD5-ed PW or store an MD5 hash in the directory. Rather, I regard it paramount to send the password as-is (through an encrypted channel) and have the directory store it WITH A SALT value. Furthermore, you should bind against the directory instead of comparing the hashes. This way, you're free of bothering about the PW and can have the directory folks do it (in fact, Active Directory - for instance - does not show the pw(hash) at all... Good luck! Sebastian
-- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/vPsNO4E4X6YJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.