Home Projects Jobs Clientele Contact


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

User password

For security reasons, the person_list fields (pl_login,pl_password) are not available for any normal user. Of course, DBA may read 'em, but application can't.
The basic reason is - an application should not try to authenticate a user by comparing user' password with the password stored in the database.
The only password application knows about is the password entered by user in Login page. This password is used in login() proc, or in person_modify() proc, and nowhere else.
Alexey Parshin,

Authoright © Total Knowledge: 2001-2008