0

Hi,

This has been puzzling me and i hope someone can help. I have a MySQL database field that contains a members password "password" and i need a login script that asks for the customers username and 4 random digit's of there password, for example:

Username: [ ]
Password:
Digit 2 [ ], Digit 4 [ ], Digit 6 [ ], Digit 8 [ ]

But if there password is only 7 digit's it would be pointless asking for an 8th digit - so i also need help working that out too. If anyone has a code example or could type a quick one up it would be superb.

Thanks,
Zack.

2
Contributors
1
Reply
2
Views
8 Years
Discussion Span
Last Post by almostbob
0

if stored clear in the database and transmitted in clear between the pc and the server its not a password its an invitaion to packet sniffers

hash: Md5 sha or otherwise (md5 serverside | md5 clientside) the password and verification of the password on the pc at account setup, and transmit & store the hash in the password column
hash the entry password on the pc and send the hash for verification
nobody knows what the password is, sniffers can't read the password

Users will continually make errors in this 4th char 3rd char crap
even if you ask for their name as a password people will count characters wrong

Edited by almostbob: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.