[ale] User authentication in web app

George Carless kafka at antichri.st
Tue Mar 16 17:02:28 EST 2004


On Tue, Mar 16, 2004 at 04:45:27PM -0500, mainwizard at vei.net wrote:
> 
> The correct way is to match the username 
> 
> select * from users where USERNAME = 'value';
> 
> And if you get a match you then check that the password for that user matches the password supplied.

I don't understand.. why return/handle rows that are of no interest to 
you, instead of checking the password within the query?  The only reason I 
can see is if you want to get other information about the user in order 
to, say, email that user and say "someone's been trying to access your 
account".. or if you want to store the results for a subsequent password 
check.  

--George
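
An added example, not part of the original thread: the look-up-by-username-then-verify flow from the quoted message, written in Python with `sqlite3`. It assumes the row stores a per-user salt and a PBKDF2 hash, which is one case where the row has to be read before the password can be checked; the table layout, function names and iteration count are constructed for this example.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # assumed work factor, chosen for this example


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def add_user(db: sqlite3.Connection, username: str, password: str) -> None:
    salt = os.urandom(16)  # per-user salt, stored next to the hash
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (username, salt, hash_password(password, salt)))


def make_db() -> sqlite3.Connection:
    """In-memory table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users "
               "(username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    add_user(db, "alice", "correct horse")
    return db


# Dummy record so an unknown username costs the same hashing work
# as a known one and does not stand out by response time.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = os.urandom(32)


def authenticate(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Bound parameter: the username is never spliced into the SQL text.
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    salt, stored = row if row else (_DUMMY_SALT, _DUMMY_HASH)
    candidate = hash_password(password, salt)
    # Constant-time comparison of the derived hash with the stored one.
    ok = hmac.compare_digest(candidate, stored)
    # Same False for "no such user" and "wrong password".
    return ok and row is not None
```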


