Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: How should passwords be stored in a database?

Re: How should passwords be stored in a database?

From: ccryptikk <kb_at_shadowplay.net.removethis>
Date: Tue, 04 Sep 2001 03:52:05 GMT
Message-ID: <3b944ebd.8271173@news.mts.net> 





>

>Of course using hashed passwords does not mean an intrder cannot insall a

>trojan, so using secure passwords is not as important as one might think.

>Especially since the DB can be protected independendly from the Web

>Application and the tool verifying the passwords does not need to hand them

>out




ummm isnt protecting from a trojan handled if you use tripwire on your
production boxes? you aren't suposed to allow "anyone" 
the ability to modify your aplications anytime they like.



personally i do what linux does... one way crypts
your salt choice... worse case.. if your system
gets compromised the least likely thing they will do is
bother with the data inside the db.. unless fo course 
your handleing CCnumbers... (and storing them) 



at which point in time i might personaly take you out back and
shoot you.... 



ccryptikk... 


kenneth brown.
Received on Mon Sep 03 2001 - 22:52:05 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US