Ideally you shouldn't store passwords at all. You store the hash to the
password. In this way, someone at your business, or someone with access to
your business, or if someone mistakenly installs some malicious software,
your users passwords can never be retrieved.

When someone logs into your software/site they send their password. Your
server then converts that password to a hash and compares it to a hash
associated with their account, and the password then goes away. No one can
steal your customer password list since they are never stored and thus
cannot be compromised.
_______________________________________________
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal

Reply via email to