Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Secure storage of Web user's passwords in a database

Re: Secure storage of Web user's passwords in a database

From: Tommy Wareing <p0070621_at_brookes.ac.uk>
Date: 1998/10/13
Message-ID: <36237697.3462949@news.brookes.ac.uk>#1/1

On Mon, 12 Oct 1998 21:21:16 +0300, Kudryavtsev Georgiy <georgiy_at_online.ru> wrote:

>I'm looking for method to close web user's passwords
>storing in database table.
>It's a bad idea to store open passwords
>in field of table and I suppose many people meet this problem
>and there is a way to solve it.

I haven't worried about it: the user that the webserver connects as only uses the password table to authenticate the html form that is submitted. It never touches it again, and no access is granted to any other user... It does have the advantage that I can tell people what their password is when they forget.

Yes, it does have the disadvantage that if anybody cracks the password used by the webserver connection then they have access to all the passwords of the web users. But by then they have access to the rest of the database anyway. <shrug>

--
Tommy Wareing
MIS Group
Learning Resources
Oxford Brookes University
01865 483389
Received on Tue Oct 13 1998 - 00:00:00 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US