Subject Re: [firebird-support] Password length in FB 2.0
Author Bogusław Brandys
Guido Klapperich wrote:
>> Use your own user table where name and password are stored encrypted and
>> checked after login from your app.
>> If your customers have a password policy then they might have further
>> requirements like:
>> - user can't change password
>> - user has to change password
>> - password validity / expiration date
>> - password history (no reuse of already used passwords after a change)
>> - and so on
> Hi Lucas,
> yes the customers have the requirements you described and I'm able to
> fulfill the requirements without storing the current password of a user
> in my database. I don't like the idea of storing the current password in
> my database, but I fear it's the only possibility I have.

Not quite. You can use hash functions like MD5 on the user-typed password
(which could be as long as you wish). Then use only the hash or part of the hash
as the Firebird user password.
You can easily imagine advantages (password stored in Firebird database
has no meaningful relation to those typed in your application) and
disadvantages (like problems with external tool usage).
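
The derivation suggested in the reply above, as an added example that is not part of the original message: it maps a typed password of any length to a short server password. It swaps MD5 for salted PBKDF2-HMAC-SHA256 from the Python standard library. The function names, the 8-character limit, the upper-cased user name used as salt and the iteration count are assumptions of this sketch.

```python
import base64
import hashlib

# Assumption: number of password characters the server treats as significant.
# Set this to the limit of the Firebird version in use.
FB_SIGNIFICANT_CHARS = 8


def derive_db_password(username: str, typed_password: str,
                       length: int = FB_SIGNIFICANT_CHARS,
                       iterations: int = 200_000) -> str:
    """Derive the short server password from the password the user typed."""
    # Salt with the user name (upper-cased, assuming case-insensitive names)
    # so two users who type the same password get different server passwords.
    salt = b"fb-login:" + username.upper().encode("utf-8")
    digest = hashlib.pbkdf2_hmac("sha256", typed_password.encode("utf-8"),
                                 salt, iterations)
    # Base32 yields only A-Z and 2-7, which avoids quoting and charset issues.
    encoded = base64.b32encode(digest).decode("ascii").rstrip("=")
    if not 1 <= length <= len(encoded):
        raise ValueError("length must be between 1 and %d" % len(encoded))
    # Each kept character carries 5 bits, so 8 characters give 40 bits at most:
    # the server password is never stronger than that, however long the input.
    return encoded[:length]


def demo():
    """Compare naive truncation with derivation for two long passwords."""
    # Constructed sample passwords that differ only after the 8th character.
    a = "correct horse battery staple 2024"
    b = "correct horse battery staple 2025"
    raw_truncation_collides = a[:FB_SIGNIFICANT_CHARS] == b[:FB_SIGNIFICANT_CHARS]
    derived_differ = (derive_db_password("ALICE", a)
                      != derive_db_password("ALICE", b))
    return raw_truncation_collides, derived_differ


if __name__ == "__main__":
    print(demo())
```

External tools have to log in with the derived value, not the typed one, which is the disadvantage the reply mentions.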