| Subject | Re: [firebird-support] Users can create anything?!? |
|---|---|
| Author | Aage Johansen |
| Post date | 2005-05-25T20:48:40Z |
Geoff Worboys wrote:
Only a few users are allowed to have a non-encrypted password which they
can use outside of the regular apps.
--
Aage J.
> ..This is exactly what I've done (for more than five years).
> I use an less than perfect solution to these in my systems...
> When the a non-admin user logs on to my application their
> password is not used directly. Instead it is processed by
> a hash function, the result of which is turned into a string
> and that is provided as the password.
> Hence the user does not actually know their password to the
> FB server, and so cannot access the database through any other
> application.
Only a few users are allowed to have a non-encrypted password which they
can use outside of the regular apps.
--
Aage J.