ON this note: check out mysql's CRYPT function - easy to use and one-way (AFAIK) -----Original Message----- From: thelist-bounces at lists.evolt.org.uk [mailto:thelist-bounces at lists.evolt.org.uk] On Behalf Of Ivo P Sent: Friday, October 21, 2005 10:45 AM To: thelist at lists.evolt.org Subject: Re: [thelist] Securing a Web Application You probably already know this but when it comes to logins there is value in not storing passwords themselves. Instead store a hash of the password so that if your app were cracked plaintext passwords wont be revealed. Then like others have pointed out watch out for scripting attacks, sql injection, etc. Basically never trust the data returned by a client until you have sanitized it. -- * * Please support the community that supports you. * * http://evolt.org/help_support_evolt/ For unsubscribe and other options, including the Tip Harvester and archives of thelist go to: http://lists.evolt.org Workers of the Web, evolt !