On Oct 27, Alexander Burger scribed:

>
> Why not?
>
> Nobody could stop me anyway. I could trace the program during execution,
> for example, to get the passwords.
>

Pardon me for jumping in (short-time lurker; reading the archives a lot).
In general, I've always designed systems with passwords stored in a
database as a one-way hash so that if the database gets compromised,
you're not giving up users' passwords (it's a PITA to tell everyone to
change their password).  I encrypt the passwords in the browser (using the
same algorithm) and always transmit an encrypted password.  There's no
place to peek.  I provide a one-time link to a password reset page if they
forgot their password.  That's sent to the email on file (which they gave
me).

hth,
Dave
-- 
UNSUBSCRIBE: mailto:picol...@software-lab.de?subject=unsubscribe

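
The design Dave sketches above (one-way hashes in the database, a one-time reset link sent to the e-mail on file) written out as an added example; this is not code from the post or from PicoLisp. It assumes a server-side store, derives each hash with PBKDF2-HMAC-SHA256 over a per-user random salt (so two users with the same password get different hashes), compares in constant time, and keeps reset tokens single-use, time-limited and stored only as a SHA-256 digest so a database dump does not hand out live reset links. The iteration count and 15-minute token lifetime are assumptions to tune for your deployment. Note that if the browser sends exactly the digest the server stores, the transmitted digest itself becomes the credential an eavesdropper replays, so the hashing here runs on the server over a TLS-protected channel.

```python
# Added example, not part of the original post: a minimal password store that
# keeps only salted one-way hashes plus single-use, expiring reset tokens.
import hashlib
import hmac
import os
import secrets
import time

# Assumption: work factor for PBKDF2; raise it as far as your login latency allows.
PBKDF2_ITERATIONS = 100_000
SALT_BYTES = 16


class PasswordStore:
    """Stores (salt, hash) per user; the password itself is never persisted."""

    def __init__(self, now=time.time):
        self._users = {}          # username -> (salt, pbkdf2 hash)
        self._reset_tokens = {}   # sha256(token) -> (username, expires_at)
        self._now = now           # injectable clock so expiry can be tested

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
        )

    def set_password(self, username: str, password: str) -> None:
        # Fresh salt on every change, so a reused password never yields the same hash.
        salt = os.urandom(SALT_BYTES)
        self._users[username] = (salt, self._derive(password, salt))

    def verify(self, username: str, password: str) -> bool:
        record = self._users.get(username)
        if record is None:
            # Burn the same CPU for an unknown user so timing does not reveal valid names.
            self._derive(password, b"\x00" * SALT_BYTES)
            return False
        salt, stored = record
        # Constant-time comparison of the stored hash with the recomputed one.
        return hmac.compare_digest(stored, self._derive(password, salt))

    def stored_record(self, username: str):
        """Expose the (salt, hash) tuple, e.g. to show two users' hashes differ."""
        return self._users.get(username)

    @staticmethod
    def _token_key(token: str) -> bytes:
        # Only the digest of the token is stored; the raw token lives in the e-mailed link.
        return hashlib.sha256(token.encode("ascii")).digest()

    def issue_reset_token(self, username: str, ttl_seconds: int = 900) -> str:
        if username not in self._users:
            raise KeyError("unknown user")
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._reset_tokens[self._token_key(token)] = (username, self._now() + ttl_seconds)
        return token

    def redeem_reset_token(self, token: str, new_password: str) -> bool:
        # pop() makes the token single-use whether or not it turns out to be valid.
        entry = self._reset_tokens.pop(self._token_key(token), None)
        if entry is None:
            return False
        username, expires_at = entry
        if self._now() > expires_at:
            return False
        self.set_password(username, new_password)
        return True


if __name__ == "__main__":
    store = PasswordStore()
    store.set_password("dave", "correct horse battery staple")
    print("login ok:", store.verify("dave", "correct horse battery staple"))
    link_token = store.issue_reset_token("dave")
    print("reset ok:", store.redeem_reset_token(link_token, "new password"))
    print("replay ok:", store.redeem_reset_token(link_token, "again"))
```

The reset link would carry `link_token` as a URL parameter; the handler calls `redeem_reset_token` and the token is gone after the first use, regardless of outcome.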