[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] User authentication in web app

Subject: [ale] User authentication in web app
From: kafka at antichri.st (George Carless)
Date: Tue Mar 16 17:02:28 2004
In-reply-to: <[email protected]>
References: <[email protected]>

On Tue, Mar 16, 2004 at 04:45:27PM -0500, mainwizard at vei.net wrote:
> 
> The correct way is to match the username 
> 
> select * from users where USERNAME = 'value';
> 
> And if you get a match you then check that the password for that user matches the password supplied.

I don't understand.. why return/handle rows that are of no interest to 
you, instead of checking the password within the query?  The only reason I 
can see is if you want to get other information about the user in order 
to, say, email that user and say "someone's been trying to access your 
account".. or if you want to store the results for a subsequent password 
check.  

--George

Follow-Ups:
- [ale] User authentication in web app
  - From: oloryn at benshome.net (Ben Coleman)

References:
- [ale] User authentication in web app
  - From: mainwizard at vei.net (mainwizard at vei.net)

Prev by Date: [ale] User authentication in web app
Next by Date: [ale] Samba on SuSE 8.2 Personal
Previous by thread: [ale] User authentication in web app
Next by thread: [ale] User authentication in web app
Index(es):
- Date
- Thread