On January 18, 2010 01:34:15 pm Tompkins Neil wrote: > Hi > > I'm in the process of designing a login system to a secure web page using > MySQL. One of the features is we need to record and ensure that the user > password is different from any of the last four passwords he/she has used. > I was thinking of create four fields called Password1, Password2, > Password3 and Password4 to record the old passwords. > > Is this a preferred method - or does anyone else have any recommendations ? > > Thanks, > Neil > I'm not an awesome database designer, most of what I do is code related stuff, I think what I would do for this is 1. hash the password( sha256/512 whatever) and then 2. store the hash in a string with delimiters. In that way, you solve 2 problems. You can store as many as you want to because you can just check hashes to make sure it isn't the same, and second, you aren't storing passwords in plain- text, which is a personal pet peeve. -- In the stairway of life, you'd best take the elevator.
-- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/mysql?unsub=arch...@jab.org
