Posted by Terence on 10/11/05 12:30
Richard Davey wrote:
>
> Agreed totally, I am curious as to why this question seems to get
> asked a LOT though. I wonder what it is that causes this? (other than
> inexperience) I mean there must be some common end result these
> developers are hoping to obtain, resulting in a password being stashed
> away in a session var.

What about this scenario? A system developed using procedures /
functions to update data without direct table access. Bypassing the
single user account from the application to the database (which most web
based apps use), each procedure requires additional parameters
(username, password) which then verify the user (from a user lookup
table) before executing the stored procedure. This makes the system more
secure in case the web app username and password are breached, which
usually have full access to the db.

Of course storing it in a session is a no-no, so what I am trying to get
at is, perhaps a reason for storing the password "somewhere".

Your thoughts Richard?

Thanks!

Warm Regards
Terence
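
The scenario in the post above, sketched as an added example (not code from the thread): a Python function over in-memory SQLite stands in for the stored procedure, since SQLite has none, and checks the caller's username and password against a user lookup table before running the update. All table names, function names, accounts and the iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for the demo)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def demo_db():
    """Build an in-memory database with constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE app_users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB);
        CREATE TABLE profiles  (username TEXT PRIMARY KEY, email TEXT);
    """)
    sample = [("alice", "correct horse", "alice@example.test"),
              ("bob", "battery staple", "bob@example.test")]
    for user, pw, email in sample:
        salt = os.urandom(16)
        conn.execute("INSERT INTO app_users VALUES (?, ?, ?)",
                     (user, salt, hash_password(pw, salt)))
        conn.execute("INSERT INTO profiles VALUES (?, ?)", (user, email))
    return conn

def verify_user(conn, username, password):
    """Look the caller up in the user table and compare salted hashes."""
    row = conn.execute("SELECT salt, pw_hash FROM app_users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        hash_password(password, b"\x00" * 16)  # same cost for unknown users
        return False
    return hmac.compare_digest(row[1], hash_password(password, row[0]))

def proc_update_email(conn, username, password, new_email):
    """Stand-in for the stored procedure: verify first, then touch
    only the verified caller's own row."""
    if not verify_user(conn, username, password):
        return False
    conn.execute("UPDATE profiles SET email = ? WHERE username = ?",
                 (new_email, username))
    conn.commit()
    return True

def get_email(conn, username):
    return conn.execute("SELECT email FROM profiles WHERE username = ?",
                        (username,)).fetchone()[0]
```

Every call needs the plaintext password again, which is exactly the "storing it somewhere" question the post raises.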