[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
User password
- To: uu@total-knowledge.com
- Subject: User password
- From: "Alexey Parshin" <alexeyp@gmail.com>
- Date: Wed, 11 Apr 2007 15:49:19 +1000
- Delivered-to: mailing list uu@total-knowledge.com
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; b=AM81zz67KZDuWJ2HDG4xs6XvLkahBjh3spDXRsOpvycpva/nhop96MYqWF2JcRXk/WgelB6h017gJ13W/LpN2RZsmplhhuCcyzsFj5Hu5Qtu6qlvYxWDbbHYZ0Q0u9PTr/P9cgDHZP5426D5Z+/PmAT+hRx0zA6cVe5jqAU6F10=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type; b=LE/pINjNVexxPFNrZAmJ99CPp4VqlKNSuZ9h8pVm11FBJOAkciCc29OK5RiD3kv0rk2fqUZqaGpET4aGB61JUBVENl/+DjCbwUgO8mP/GzsxvYrFZ0QHOpYuZWCGlAuiZTv8Ujjj8JrdCMXiGXeRFcIu9pcFre+kvkGin5xuiTY=
- Mailing-list: contact uu-help@total-knowledge.com; run by ezmlm
For security reasons, the person_list fields (pl_login,pl_password) are not available for any normal user. Of course, DBA may read 'em, but application can't.
The basic reason is - an application should not try to authenticate a user by comparing user' password with the password stored in the database.
The only password application knows about is the password entered by user in Login page. This password is used in login() proc, or in person_modify() proc, and nowhere else.
--
Alexey Parshin,
http://www.sptk.net