List:General Discussion« Previous MessageNext Message »
From:Colin Streicher Date:January 19 2010 12:52am
Subject:Re: Record old passwords ?
View as plain text  
On January 18, 2010 01:34:15 pm Tompkins Neil wrote:
> Hi
> 
> I'm in the process of designing a login system to a secure web page using
> MySQL.  One of the features is we need to record and ensure that the user
> password is different from any of the last four passwords he/she has used.
>  I was thinking of create four fields called Password1, Password2,
>  Password3 and Password4 to record the old passwords.
> 
> Is this a preferred method - or does anyone else have any recommendations ?
> 
> Thanks,
> Neil
> 
I'm not an awesome database designer, most of what I do is code related stuff, 
I think what I would do for this is 1. hash the password( sha256/512 whatever) 
and then 2. store the hash in a string with delimiters. In that way, you solve 
2 problems. 
You can store as many as you want to because you can just check hashes to make 
sure it isn't the same, and second, you aren't storing passwords in plain-
text, which is a personal pet peeve. 
 
-- 
In the stairway of life, you'd best take the elevator.
Thread
Record old passwords ?Tompkins Neil18 Jan
  • Re: Record old passwords ?SH18 Jan
  • Re: Record old passwords ?Carsten Pedersen18 Jan
  • Re: Record old passwords ?Colin Streicher19 Jan
    • Re: Record old passwords ?John Meyer19 Jan
      • RE: Record old passwords ?Daevid Vincent20 Jan
        • Re: Record old passwords ?Jørn Dahl-Stamnes20 Jan
          • Re: Record old passwords ?Tompkins Neil22 Jan
            • Re: Record old passwords ?Suresh Kuna27 Jan
    • Re: Record old passwords ?Carlos Proal19 Jan
      • Re: Record old passwords ?Tompkins Neil19 Jan
        • Re: Record old passwords ?Tompkins Neil19 Jan
          • Re: Record old passwords ?Mark Goodge19 Jan
            • Re: Record old passwords ?John Meyer21 Jan
              • RE: Record old passwords ?Jerry Schwartz21 Jan
          • Re: Record old passwords ?Lucio Chiappetti21 Jan
            • Re: Record old passwords ?Mark Goodge21 Jan
        • Re: Record old passwords ?Mark Goodge19 Jan
Re: Record old passwords ?Tompkins Neil19 Jan