On Tue, 23 Sep 2003 18:02:37 +0200, Riccardo Attilio Galli wrote:
english). A user should never enter the password again. I know how hashes
work, and they're useful when I can compare an entered password with a
hash value, but here I need that the user doesn't enter a password anymore
(after the first time).
operating system's security, and even that isn't always possible. I think
the NT/W2K model allows for encryption based on keys that only the specific
user can use (i.e. you have to actually be logged in as that user; I'm not
sure if the administrator can fake it). This won't work on 9X. On UNIX, a
close approximation is to just store the password in a file to which only
the user has read access, but obviously root will still have access.
Note that if the application supports multiple mail accounts for a single
user (as many do), then it becomes useful to have a single password for the
application, used to encrypt the various passwords for the different mail
accounts.
Gary
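
An added example, not part of the original message: the UNIX approach described above (a file that only the user can read) sketched in Python. The function names, the sample password and the refusal to load a file with wider permissions are assumptions of this example; as the reply notes, root can still read the file.

```python
import os
import stat
import tempfile


def save_secret(path, secret):
    """Write secret to path with owner-only access (mode 0600)."""
    tmp = path + ".tmp"
    # O_EXCL refuses a pre-existing temp file; the 0o600 mode applies at
    # creation, so the secret never sits on disk with wider permissions.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            os.fchmod(f.fileno(), 0o600)  # umask may have cleared bits; set explicitly
            f.write(secret)
        os.replace(tmp, path)  # atomic rename over any previous file
    except BaseException:
        os.unlink(tmp)
        raise


def load_secret(path):
    """Return the secret, refusing a file that is not ours or is open to others."""
    # O_NOFOLLOW: do not read through a symlink planted at this path.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "r", encoding="utf-8") as f:
        st = os.fstat(f.fileno())  # check the opened file, not the path
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if st.st_uid != os.geteuid():
            raise PermissionError("owned by another user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError("group or other has access")
        return f.read()


if __name__ == "__main__":
    # Constructed sample data in a throwaway directory.
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "mailpass")
        save_secret(p, "constructed-sample-password")
        print(oct(stat.S_IMODE(os.stat(p).st_mode)), load_secret(p))
        os.chmod(p, 0o644)  # simulate permissions loosened by mistake
        try:
            load_secret(p)
        except PermissionError as e:
            print("refused:", e)
```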