> >
> > Sir,
> > Think about a password that -
> > 1. Not stored anywhere
> > 2. Changes every day
> > 3. Changes every minute
> > Means the password can be a combination of date & time + some other condition
> > for example
> > x is the user input
> > if x= day(date) + hour(time) * 2
> > user password is correct
> > else
> > user password is wrong
> > Only the user knows about the combination which opens the program.
> > We can hard code the above into our program.
> > There is no boundary for imagination.
> > With Regards,
> > Biju Thomas
>
> You could do that, but it would not be very secure. The user knows that the password is based on the date and the user knows the algorithm (or he/she wouldn't be able to log on). Now that user gets fired. Your password algorithm is hard coded and is therefore VERY difficult to change. You basically need to recompile if you wish to change your password algorithm. That employee who was fired decides he wants revenge, so he gains access to one of the network computers, logs into your app before you can recompile, and he does as much damage as he can.
>
> Compare that to using Windows security. The employee is fired, SysAdmin deletes that user's account and the user cannot even log onto the network - let alone onto your app.
>
> Ken
> You shall know the truth - and the truth shall set you free. (John 8:33)
Sir,
That's true. We can eliminate that particular User from our own database too. That's why I said - There is no boundary for imagination.
With Regards,
Biju Thomas
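
The contrast discussed in this thread, as an added example that is not part of any poster's message: the hard-coded `day(date) + hour(time) * 2` rule accepts the same value from anyone who knows the rule and can only be changed by recompiling, while a per-user record can be deleted to revoke one person. The `AccountStore` class, its PBKDF2 hashing and the sample account are assumptions made for illustration, standing in for "Windows security" or "our own database".

```python
import hashlib
import hmac
import os
from datetime import datetime


def date_password(now: datetime) -> int:
    """The hard-coded rule from the thread: day(date) + hour(time) * 2."""
    return now.day + now.hour * 2


def accepted_values() -> set:
    """Every value the rule can ever accept, over all days and hours."""
    return {day + hour * 2 for day in range(1, 32) for hour in range(24)}


class AccountStore:
    """Hypothetical per-user store: salted PBKDF2 hashes, one record per account."""

    def __init__(self):
        self._records = {}

    @staticmethod
    def _digest(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._records[user] = (salt, self._digest(password, salt))

    def remove(self, user: str) -> None:
        # Revocation is a data change, not a recompile.
        self._records.pop(user, None)

    def verify(self, user: str, password: str) -> bool:
        record = self._records.get(user)
        if record is None:
            return False
        salt, digest = record
        return hmac.compare_digest(digest, self._digest(password, salt))


if __name__ == "__main__":
    now = datetime(2024, 3, 15, 10, 30)  # constructed sample time
    print("rule accepts:", date_password(now), "of", len(accepted_values()), "possible values")
    store = AccountStore()
    store.add("alice", "constructed-sample-pw")  # constructed sample account
    store.remove("alice")
    print("removed account still valid?", store.verify("alice", "constructed-sample-pw"))
```

The rule has no notion of who is asking, so there is nothing to delete when one person's access must end; the store rejects a removed account immediately.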