Subj : Re: How to implement password protection? To : comp.programming From : Markus Becker Date : Fri Aug 26 2005 09:02 pm Michael Wojcik schrieb: > Preventing an attacker from modifying the stored hash, as defined by > your threat model, is left as an exercise for the reader. (Hint: The Thanks, I haven't thought of that. > easiest solutions use OS facilities designed for this purpose.) But using OS-facilities is not an option, since the 'user' does not want to create operating- system-level users, but rather 'my own software' users. > 2. Create a more detailed list of your requirements (this may > require some research), then look for existing software - free or > commercial - that addresses them. Use it. If you can't find any, > hire a security professional. The requirements are not mine, it's those of the customer. I could use _their_ model and code, unfortunately I was quite succesful in convincing them that their code is unsecure. Dammit. > 3. Begin by looking at open-source packages that implement the > features you think you want. Investigate what they do; research I guess that's what I'll do. Markus .