John Kaspar <mailto:[EMAIL PROTECTED]> on Thursday, September 18, 2003 4:05 PM said:
> I'm just storing its hash. Then comparing it to the database hash.
> Is that bad? Is there a good write-up somewhere discussing
> authentication techniques that you could recommend?

Oh I should respond to this as well.

This is just a little better than storing a plain text password. Reason being that the next person that uses that computer can read the cookie and steal the hash. They would then be able to reverse* it and get the password so they could log in like a normal user.

Chris.

* By reverse I don't mean "decrypt" or "unencrypt".

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
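An added illustration, not code from either poster: the scheme discussed in this thread (the cookie holds the stored password hash) next to a cookie that holds a random, expiring session token. The user table, function names and the use of `password_hash()` are assumptions made for the sketch; the thread does not say how the hash was produced.

```php
<?php
// Constructed stand-in for the users table (illustrative values only).
$users = ['john' => ['pw_hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];
$sessions = [];  // sha256(token) => ['user' => ..., 'expires' => ...]

// Scheme from the thread: cookie value == stored password hash.
// Anyone who copies the cookie holds a credential that stays valid until the
// password changes, plus a copy of the hash to run offline guesses against.
function check_hash_cookie(array $users, string $user, string $cookie): bool {
    return isset($users[$user]) && hash_equals($users[$user]['pw_hash'], $cookie);
}

// Alternative: the cookie carries a random token unrelated to the password.
// Only a digest of the token is kept server-side, with an expiry.
function issue_session(array &$sessions, string $user, int $ttl = 1800): string {
    $token = bin2hex(random_bytes(32));
    $sessions[hash('sha256', $token)] = ['user' => $user, 'expires' => time() + $ttl];
    return $token;  // send with setcookie() using the httponly and secure options
}

function check_session(array $sessions, string $token): ?string {
    $key = hash('sha256', $token);
    if (!isset($sessions[$key]) || $sessions[$key]['expires'] < time()) {
        return null;  // unknown, revoked or expired
    }
    return $sessions[$key]['user'];
}

function revoke_session(array &$sessions, string $token): void {
    unset($sessions[hash('sha256', $token)]);  // logout on a shared computer
}

// A cookie value copied from a shared machine still authenticates:
var_dump(check_hash_cookie($users, 'john', $users['john']['pw_hash']));

// The token authenticates only until it is revoked or expires,
// and it reveals nothing about the password.
$token = issue_session($sessions, 'john');
var_dump(check_session($sessions, $token));
revoke_session($sessions, $token);
var_dump(check_session($sessions, $token));
```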