> [...]
> Isn't this just as bad? If you store the encrypted password, that doesn't
> help you in the slightest in this case, because if you can breach the list
> of encrypted passwords, you still know what you need to send as the
> "password" from the front end to let you into the database.
> [...]
If you encrypt the input from the frontend as well and compare the
encrypted strings it will not help you to look into the list of
encrypted passwords ... or am I wrong?
Regards, Jens Hartwig
=============================================
Jens Hartwig
---------------------------------------------
debis Systemhaus GEI mbH
10875 Berlin
Tel. : +49 (0)30 2554-3282
Fax : +49 (0)30 2554-3187
Mobil : +49 (0)170 167-2648
E-Mail : jhartwig@debis.com
=============================================