Here a password, there a password...

    Date: 02/13/05 (PHP Community)    Keywords: browser, database, java

    I have a problem. My current login system works as follows:

    The user inputs their username and password and hits Login. Before the browser sends this information, a javascript catches the password and replaces it with an md5 hash (combined with the username). On my server, the username is queried in the database, pulling up the password. The md5 is regenerated, and is compared with the hash that the user sent.

    Now, the problem is that this scheme leaves the password unencrypted in my database.

    The problem is, I simply have no idea about how verify the login without having the actual password somewhere. I don't want it sent over the network, but I don't want to store it plainly in the database either. Any suggestions?


« ftp || stripping HTML formatting »

antivirus | apache | asp | blogging | browser | bugtracking | cms | crm | css | database | ebay | ecommerce | google | hosting | html | java | jsp | linux | microsoft | mysql | offshore | offshoring | oscommerce | php | postgresql | programming | rss | security | seo | shopping | software | spam | spyware | sql | technology | templates | tracker | virus | web | xml | yahoo | home