[ale] User authentication in web app
George Carless
kafka at antichri.st
Thu Mar 18 09:00:32 EST 2004
On Wed, Mar 17, 2004 at 11:03:26PM -0500, Ben Coleman wrote:
> George Carless wrote:
>
> | I don't understand.. why return/handle rows that are of no interest to
> | you, instead of checking the password within the query?
>
> Suppose two or more users have the same password? You'll get multiple
> rows back from your select, and you'll have to check each of them to see
> if they match the user's username. You do want to make sure the
> password entered matches the username entered, don't you?
Eh? You'd check against *both* the username *and* the password in your
lookup, of course..
--George