- Original Message -
From: "Benjamin Pflugmann" <[EMAIL PROTECTED]>
To: "Mike Hall" <[EMAIL PROTECTED]>
Cc: "Michael Collins" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Sunday, August 11, 2002 7:05 PM
Subject: Re: [OT] assigning ne
Hi.
I drag this a bit to off-topic here, but the answer below brings up a
question which bothered me for some time...
On Sun 2002-08-11 at 17:30:46 +0100, [EMAIL PROTECTED] wrote:
> An easier (and more secure) way, surely, is to use one-way encryption... and
> if a user forgets his/her password,
At 19:51 +0200 8/11/02, Benjamin Pflugmann wrote:
>Hi.
>
>On Sun 2002-08-11 at 12:07:47 -0500, [EMAIL PROTECTED] wrote:
>> At 9:25 -0700 8/11/02, Michael Collins wrote:
>[...]
>> >SELECT * FROM MYDB
>> >WHERE EmailAddress=$EmailEntered AND
>> >DECODE(LoginPassword,'MySalt')=$PasswordEntered
>>
Hi.
On Sun 2002-08-11 at 12:07:47 -0500, [EMAIL PROTECTED] wrote:
> At 9:25 -0700 8/11/02, Michael Collins wrote:
[...]
> >SELECT * FROM MYDB
> >WHERE EmailAddress=$EmailEntered AND
> >DECODE(LoginPassword,'MySalt')=$PasswordEntered
>
> If you write the query like that, yes, it will use a compl
At 12:07 PM -0500 8/11/02, Paul DuBois wrote:
>If you write the query like that, yes, it will use a complete scan.
>But you could also use
>
>... AND LoginPassword = ENCODE($PasswordEntered,'MySalt')
>
>which doesn't perform a calculation on the LoginPassword column and thus
>can use an index. Th
At 9:25 -0700 8/11/02, Michael Collins wrote:
>I want to securely store a value that is used as a password to log
>someone into a Web application. I also want to be able to allow the
>user to search for their email address and have their password sent
>back to them (in readable form). Encrypt,
At 9:54 AM -0700 8/11/02, Mike Wexler wrote:
>>I would think that using the SQL shown would require a table scan,
>>meaning that each and every record in the visitors table must be
>>examined, the LoginPassword decoded and compared. There is also no
>>way to index this field. I do not think thi
Message -
From: "Michael Collins" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 11, 2002 5:25 PM
Subject: Need reversible encryption as string
>
> I want to securely store a value that is used as a password to log
> someone into a Web application.
I want to securely store a value that is used as a password to log
someone into a Web application. I also want to be able to allow the
user to search for their email address and have their password sent
back to them (in readable form). Encrypt, MD5, and Password are
non-reversible and thus wi
