louis gonzales <[EMAIL PROTECTED]> wrote:
> Hello Dist,
> What are some best practices on an initial form taking a PW/ID from a
> user to login.
Personally and professionally, I prefer to maintain my account structure in an
external database, such as LDAP, and let the webserver do the actu
Andrew/Ron(Savage),
I appreciate both of your feedback! Many of the concerns you've pointed
out are the exact ones I want to address. I think that https: with
SSL/TLS is probably the first and foremost step to safeguard, secondly,
using some form of hashed password. I'm always interested in
louis gonzales wrote:
Hello Dist,
What are some best practices on an initial form taking a PW/ID from a
user to login. Right now one method which seems to be really
unsecured, is to take them, check them against the PW/ID stored in the
database and permit/deny against that. And for passing t
On Thu, 26 Oct 2006 14:36:41 -0400, louis gonzales wrote:
Hi Louis
> What are some best practices on an initial form taking a PW/ID from
> a user to login. Right now one method which seems to be really
> unsecured, is to take them, check them against the PW/ID stored in
How about storing a cypt
Hello Dist,
What are some best practices on an initial form taking a PW/ID from a
user to login. Right now one method which seems to be really unsecured,
is to take them, check them against the PW/ID stored in the database and
permit/deny against that. And for passing this info - or a token -
