Re: *urgent* anyone else heard about the password leak?
[tech derail]
Quote:
Originally Posted by TSM
(Post 2053691)
the normal way is to hash the username & password together, well that's nix way from what I remember
Yup, I hash using either username or email address. It's the one time on a website that I'll use JavaScript for "core" functionality as I don't want an unhashed pwd going back & forth between server & client.
Quote:
Originally Posted by TSM
(Post 2053691)
I sometimes hash it with the IP address & session_id if I want a temporary password, many different ways
passwords in DB are usually not done with a master seed though, if you lose that then you are stuffed
You can't always rely on a client's browser maintaining 1 IP address for its session. Apps such as AOL seem to let the AOL browser use a roaming/floating IP address range - hence all the issues that you get with AOL users.
[/tech derail]
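The roaming-IP problem raised in the reply above, as an added example that is not code from either poster: a temporary password derived from the stored hash, the session id and the client IP stops verifying when the IP changes mid-session, while one bound only to the session id keeps working. The posts name no hash function, so PBKDF2 and HMAC-SHA256, the iteration count, the function names and all sample values are assumptions made for this sketch.

```python
import hashlib
import hmac
from typing import Optional

ITERATIONS = 100_000  # assumed work factor, not taken from the thread


def stored_hash(username: str, password: str) -> bytes:
    """Hash username and password together (username acts as the salt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               username.lower().encode(), ITERATIONS)


def temp_password(stored: bytes, session_id: str,
                  ip: Optional[str] = None) -> str:
    """Derive a temporary credential bound to the session, optionally to the IP."""
    fields = [session_id] + ([ip] if ip is not None else [])
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode()
                   for f in fields)
    return hmac.new(stored, msg, hashlib.sha256).hexdigest()


def verify(stored: bytes, session_id: str, presented: str,
           ip: Optional[str] = None) -> bool:
    """Recompute the credential from what the server sees now and compare."""
    expected = temp_password(stored, session_id, ip)
    return hmac.compare_digest(expected, presented)


def roaming_demo() -> dict:
    # Constructed sample values: documentation IP ranges, made-up session id.
    stored = stored_hash("alice@example.com", "correct horse")
    sid = "sess-7f3a9c"
    ip_at_login, ip_later = "198.51.100.7", "203.0.113.42"
    bound_ip = temp_password(stored, sid, ip_at_login)
    bound_sid = temp_password(stored, sid)
    return {
        "ip_bound_same_ip": verify(stored, sid, bound_ip, ip_at_login),
        "ip_bound_roamed": verify(stored, sid, bound_ip, ip_later),
        "session_bound_roamed": verify(stored, sid, bound_sid),
        "other_session": verify(stored, "sess-other", bound_sid),
    }


if __name__ == "__main__":
    for case, ok in roaming_demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```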