Search Postgresql Archives

Re: password cookie

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Oct 25, 2006 at 03:49:54PM +0200, Willy-Bas Loos wrote:
> So as a temporary compromise, we decided to store the username and password
> in a cookie on the client PC, which is of course a serious weakness.
> 
> Can anyone give me some advise on how to do this a better way, without
> consuming too much time, or is this the best thing to do in such a
> situation?

The usual workaround I'm familiar with is to set a hash of some sort
that is the user, password, and some salt.  Then you authenticate
against that hash in your application, so that you never actually
send these values, nor store them anywhere except the database.

A

-- 
Andrew Sullivan  | ajs@xxxxxxxxxxxxxxx
"The year's penultimate month" is not in truth a good way of saying
November.
		--H.W. Fowler


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux