View Single Post
  #2  
Old 03-11-2009, 10:21 AM
rongchaua rongchaua is offline
Senior Member
 
Join Date: Apr 2007
Posts: 91
Default

Quote:
Is there any known way to reverse these passwords to reveal them?
Yes it's according to how you encrypted the password and how secure the password is.

For example, I use a "standard" password with big,small,number, special character in length of 12 characters. I encrypted them with MD5 to a MD5 hash. It is pretty secure for revealing the password. But ...

The problem I see here is not what you concern about. But that is your authentication system. If the user can work locally with tblUser, then I have question: How do you authenticate the user? That means when I, an user, work locally and log into the system. Which table will be used to authenticate me? The local one or the online one?
If you use the local one, then you must think about "cookie faking". With "cookie faking" I can easily loginto an account of other user.
If you use the online one, I recommend you to remove the tblUser (which supports the authentication process) immediately from local database under any circumstance. It gives you a very,very big risk for your systems in future.
Your system will get bigger day after day. And if you do not do it right away, it'll be very complex to do it later.
__________________
My site: http://rongchaua.net

Last edited by rongchaua : 03-11-2009 at 10:26 AM.
Reply With Quote