Makes sense.......thank you!
On Jan 10, 2011, at 2:28 PM, gshegosh wrote:
>> MessageDigest md = MessageDigest.getInstance("SHA-1");
>> Does anyone have example code of how to decode the encrypted value from the
>> code above?
>
> The whole point of hashing passwords (with per user salt for best
> results) is that if a bad guy steals the database, (s)he won't be able
> to recover passwords in clear text -- hashing algorithms are thus
> one-way (or in an ideal world they would be).
>
> If you're hashing passwords, You don't "unhash" them. Just write a
> testPassword(String userGivenPassword) method that hashes the string
> user entered in the password field (using salt chosen based on login
> s/he entered) and compares the hash to the one you have in the db.
>
> HTH
>
> ------------------------------------------------------------------------------
> Gaining the trust of online customers is vital for the success of any company
> that requires sensitive data to be transmitted over the Web. Learn how to
> best implement a security strategy that keeps consumers' information secure
> and instills the confidence they need to proceed with transactions.
> http://p.sf.net/sfu/oracle-sfdevnl
> _______________________________________________
> Stripes-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/stripes-users
Joaquin Valdez
[email protected]
------------------------------------------------------------------------------
Gaining the trust of online customers is vital for the success of any company
that requires sensitive data to be transmitted over the Web. Learn how to
best implement a security strategy that keeps consumers' information secure
and instills the confidence they need to proceed with transactions.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Stripes-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-users
