On Tue, 23 Sep 2003 18:02:37 +0200, Riccardo Attilio Galli wrote:

english). An user should never enter the password again. I know how hashes
work, and they're useful when I can compare an entered password with an
hash value, but here I need that the user don't enter a password anymore
(after the first time).
Better late than never: The only way to do this securely is to rely on the
operating system's security, and even that isn't always possible. I think
the NT/W2K model allows for encryption based on keys that only the specific
user can use (i.e. you have to actually be logged in as that user; I'm not
sure if the adminstrator can fake it). This won't work on 9X. On UNIX, a
close approximation is to just store the password in a file to which only
the user has read access, but obviously root will still have access.

Note that if the application supports multiple mail accounts for a single
user (as many do), then it becomes useful to have a single password for the
application, used to encrypt the various passwords for the different mail


Search Discussions

Discussion Posts


Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 13 of 15 | next ›
Discussion Overview
grouppython-list @
postedSep 22, '03 at 9:37p
activeOct 2, '03 at 5:13p



site design / logo © 2022 Grokbase