numero = 110776
interpreted = N
texte = --Apple-Mail=_DC0BF0EC-AA19-4A5B-8470-A864BE7A0FC7 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii You could store the seed as a variable in the global directory. On 03/10/2013, at 6:47 AM, Tom Duke wrote: > Stuart, >=20 >=20 > > [URL][URL][ENCRYPT seed=3Dsecret]password-value[/ENCRYPT][/URL][/URL]= >=20 >=20 > Hi - that's what I have been using as well. The problem is that if = the site is hacked the seed is accessible and all of the passwords are = immediately exposed. >=20 > One client in particular has been advised that passwords should only = be stored after being salted and encrypted using a one-way hash. The = hash should not be MD5 or SHA1. Their concern is that while a hack = would be bad enough to deal with, it would be worse if they ended up = exposing all of the users passwords, or were seen not to have taken = measures to protect the passwords. >=20 > I would like to continue to use [encrypt] but I can't figure out what = algorithm is used if no seed is specified. >=20 > - Tom >=20 >=20 >=20 > --------------------------------------------------------- This message = is sent to you because you are subscribed to the mailing list . To = unsubscribe, E-mail to: archives: = http://mail.webdna.us/list/talk@webdna.us Bug Reporting: = support@webdna.us --Apple-Mail=_DC0BF0EC-AA19-4A5B-8470-A864BE7A0FC7 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=us-ascii You could store the seed as a variable in the global directory.
Hi - that's what I have been using as well. The problem is that if the site is hacked the seed is accessible and all of the passwords are immediately exposed.
One client in particular has been advised that passwords should only be stored after being salted and encrypted using a one-way hash. The hash should not be MD5 or SHA1. Their concern is that while a hack would be bad enough to deal with, it would be worse if they ended up exposing all of the users passwords, or were seen not to have taken measures to protect the passwords.
I would like to continue to use [encrypt] but I can't figure out what algorithm is used if no seed is specified.
- Tom
--------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us
--Apple-Mail=_DC0BF0EC-AA19-4A5B-8470-A864BE7A0FC7--
Associated Messages, from the most recent to the oldest:
--Apple-Mail=_DC0BF0EC-AA19-4A5B-8470-A864BE7A0FC7 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii You could store the seed as a variable in the global directory. On 03/10/2013, at 6:47 AM, Tom Duke wrote: > Stuart, >=20 >=20 > > [url][url][ENCRYPT seed=3Dsecret]password-value[/ENCRYPT][/URL][/URL]= >=20 >=20 > Hi - that's what I have been using as well. The problem is that if = the site is hacked the seed is accessible and all of the passwords are = immediately exposed. >=20 > One client in particular has been advised that passwords should only = be stored after being salted and encrypted using a one-way hash. The = hash should not be MD5 or SHA1. Their concern is that while a hack = would be bad enough to deal with, it would be worse if they ended up = exposing all of the users passwords, or were seen not to have taken = measures to protect the passwords. >=20 > I would like to continue to use [encrypt] but I can't figure out what = algorithm is used if no seed is specified. >=20 > - Tom >=20 >=20 >=20 > --------------------------------------------------------- This message = is sent to you because you are subscribed to the mailing list . To = unsubscribe, E-mail to: archives: = http://mail.webdna.us/list/talk@webdna.us Bug Reporting: = support@webdna.us --Apple-Mail=_DC0BF0EC-AA19-4A5B-8470-A864BE7A0FC7 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=us-ascii You could store the seed as a variable in the global directory.
Hi - that's what I have been using as well. The problem is that if the site is hacked the seed is accessible and all of the passwords are immediately exposed.
One client in particular has been advised that passwords should only be stored after being salted and encrypted using a one-way hash. The hash should not be MD5 or SHA1. Their concern is that while a hack would be bad enough to deal with, it would be worse if they ended up exposing all of the users passwords, or were seen not to have taken measures to protect the passwords.
I would like to continue to use [encrypt] but I can't figure out what algorithm is used if no seed is specified.
- Tom
--------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us
--Apple-Mail=_DC0BF0EC-AA19-4A5B-8470-A864BE7A0FC7--
Stuart Tremain
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...