Re: Storing passwords in a DB (MD5)

Use the tried and true hash comparison method. Send the username/password pair over the wire encrypted with SSL so no one can sniff it. In the Perl script that grabs this variable, MD5 the password and insert/compare it to the database.

Jeremy

Comment on Re: Storing passwords in a DB (MD5)

Replies are listed 'Best First'.
Re: Re: Storing passwords in a DB (MD5) by dstar (Scribe) on Aug 13, 2001 at 22:31 UTC
I was hoping I could avoid SSL, so I could avoid the certificate thing. Ah well. Thanks.	[reply]
Re: Re: Storing passwords in a DB (MD5) by magikstik! (Initiate) on Jul 12, 2007 at 12:34 UTC
Well it will be encrypted but that doesn't necessarily doesn't mean it won't be sniffed out, it may contain garbled trash. besides having a sniffer anywhere on your box isn't a good thing anyway	[reply]