jimfog Posted April 23, 2013
When the user tries to log in... do you check that there is his username/password in the db solely based on the supplied (with the form) username? I mean something like this:
select * from credentials where email='tahtah@tahtah.com';
I am saying that because when the password is hashed in the db, how can we cross-check it with the one supplied by the user during the form. After the above, I compare the hashed password in the db with the user-supplied password (after it has been hashed also). What do you do usually?
justsomeguy Posted April 23, 2013
It depends what kind of error messages you want to show. If you want different error messages for a missing username and a wrong password then you need to check them individually. If you want one error message that says either the username or password is wrong then you can check them both at the same time.
jimfog Posted April 23, 2013
What is the norm these days in a web app? Check them at the same time or individually? And also to add to this, the checking of the hash.
justsomeguy Posted April 23, 2013
There's not a "norm", people do things differently based on how they want their application to act. If usernames are sensitive data for you, where you don't even want people to be able to tell what usernames are registered, then you don't want an error message that says the username wasn't found.
jimfog Posted April 23, 2013
Ok got you thanks.
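An added example (not code from any poster in this thread) of the flow discussed above: look up the row by email alone, verify the salted hash in application code, and return one generic message so the response does not reveal which emails are registered. The `credentials` table and `email` column come from the query in the first post; the `salt` and `pw_hash` columns, the PBKDF2 parameters and the function names are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2 work factor (assumed value; tune for your hardware)
GENERIC_ERROR = "Invalid email or password."

def hash_password(password, salt):
    """Salted, deliberately slow hash of the supplied password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Used when the email is unknown, so both failure paths do the same hashing work.
DUMMY_SALT = os.urandom(16)
DUMMY_HASH = hash_password("placeholder", DUMMY_SALT)

def register(db, email, password):
    salt = os.urandom(16)  # per-user random salt, stored next to the hash
    db.execute("INSERT INTO credentials (email, salt, pw_hash) VALUES (?, ?, ?)",
               (email, salt, hash_password(password, salt)))

def login(db, email, password):
    """Return (ok, message). Query by email only, then verify the hash in code."""
    row = db.execute("SELECT salt, pw_hash FROM credentials WHERE email = ?",
                     (email,)).fetchone()
    salt, stored = row if row else (DUMMY_SALT, DUMMY_HASH)
    candidate = hash_password(password, salt)
    # Constant-time comparison; evaluated even when the account does not exist.
    matches = hmac.compare_digest(candidate, stored)
    if row is not None and matches:
        return True, "Welcome."
    return False, GENERIC_ERROR  # same message for unknown email and wrong password

def demo_db():
    """Constructed in-memory database holding one sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE credentials "
               "(email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    register(db, "tahtah@tahtah.com", "correct horse")
    return db

if __name__ == "__main__":
    db = demo_db()
    for email, pw in [("tahtah@tahtah.com", "correct horse"),
                      ("tahtah@tahtah.com", "wrong"),
                      ("nobody@example.com", "correct horse")]:
        print(email, login(db, email, pw))
```

To show separate "unknown user" and "wrong password" messages instead, branch on `row is None`, which makes registered emails discoverable through the login form.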