Paulo Tetovisk
Hello,
I have a doubt, maybe related to "Best Practices" and "How to do a secure
SQL Lookup to authenticate a user against a Database".
It's a simple solution, everybody knows how to do it, but what's more secure?
Send the query or SP with the following statement:
"SELECT COUNT(*) FROM tb_users WHERE uid = 'foo' AND passwd =
'hashedpassword'" and then check if the answer is 0 or 1?
Or
Send a query like "SELECT passwd FROM tb_users WHERE uid = 'foo'" and then
you do the password validation on the webserver that hosts your application?
The second solution has a pro: it "saves" SQL processing, but on the
other hand you send your password hash through your password; I don't
think that is the most secure solution. Does the first option have any con?
Thanks in advance!
PT
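The two lookups described in the post above, written out with bound parameters instead of values quoted into the SQL string (an added example, not part of the original post). It assumes an in-memory SQLite table named `tb_users` as in the post, plus a `salt` column and a PBKDF2 hashing helper that the post does not mention; the user and password are constructed sample data.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_password(password: str, salt: bytes) -> str:
    # Assumed scheme (the post names none): PBKDF2-HMAC-SHA256, per-user salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def make_db() -> sqlite3.Connection:
    # Constructed sample data: one user "foo" with password "s3cret".
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tb_users (uid TEXT PRIMARY KEY, salt BLOB, passwd TEXT)")
    salt = os.urandom(16)
    db.execute("INSERT INTO tb_users VALUES (?, ?, ?)",
               ("foo", salt, hash_password("s3cret", salt)))
    return db

def login_count(db, uid: str, password: str) -> bool:
    # Option 1: the database compares the hashes; only a count comes back.
    # With a per-user salt the salt has to be read first to build the candidate.
    row = db.execute("SELECT salt FROM tb_users WHERE uid = ?", (uid,)).fetchone()
    if row is None:
        return False
    candidate = hash_password(password, row[0])
    (count,) = db.execute(
        "SELECT COUNT(*) FROM tb_users WHERE uid = ? AND passwd = ?",
        (uid, candidate)).fetchone()
    return count == 1

def login_fetch(db, uid: str, password: str) -> bool:
    # Option 2: the stored hash travels to the application, which compares it
    # in constant time.
    row = db.execute("SELECT salt, passwd FROM tb_users WHERE uid = ?", (uid,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(hash_password(password, row[0]), row[1])

if __name__ == "__main__":
    db = make_db()
    for check in (login_count, login_fetch):
        print(check.__name__, check(db, "foo", "s3cret"), check(db, "foo", "wrong"),
              check(db, "foo' OR '1'='1", "x"))
```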