[ale] User authentication in web app
George Carless
kafka at antichri.st
Tue Mar 16 17:02:28 EST 2004
On Tue, Mar 16, 2004 at 04:45:27PM -0500, mainwizard at vei.net wrote:
>
> The correct way is to match the username
>
> select * from users where USERNAME = 'value';
>
> And if you get a match you then check that the password for that user matches the password supplied.
I don't understand.. why return/handle rows that are of no interest to
you, instead of checking the password within the query? The only reason I
can see is if you want to get other information about the user in order
to, say, email that user and say "someone's been trying to access your
account".. or if you want to store the results for a subsequent password
check.
--George
More information about the Ale
mailing list