Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Secure storage of Web user's passwords in a database

Re: Secure storage of Web user's passwords in a database

From: Tommy Wareing <p0070621_at_brookes.ac.uk>
Date: 1998/10/13
Message-ID: <36237697.3462949@news.brookes.ac.uk>#1/1 






On Mon, 12 Oct 1998 21:21:16 +0300, Kudryavtsev Georgiy
<georgiy_at_online.ru> wrote:



>I'm looking for method to close web user's passwords 

>storing in database table.

>It's a bad idea to store open passwords 

>in field of table and I suppose many people meet this problem 

>and there is a way to solve it.




I haven't worried about it: the user that the webserver connects as
only uses the password table to authenticate the html form that is
submitted. It never touches it again, and no access is granted to any
other user... It does have the advantage that I can tell people what
their password is when they forget.



Yes, it does have the disadvantage that if anybody cracks the password
used by the webserver connection then they have access to all the
passwords of the web users. But by then they have access to the rest
of the database anyway. <shrug>




--
Tommy Wareing
MIS Group
Learning Resources
Oxford Brookes University
01865 483389


Received on Tue Oct 13 1998 - 00:00:00 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US