You are reading a single comment by @frankenbike and its replies.
Click here to read the full conversation.
London Fixed Gear and Single-Speed is a community of predominantly fixed gear and single-speed cyclists in and around London, UK.
This site is supported almost exclusively by donations. Please consider donating a small amount regularly.
frankenbike
Agreed to the one upmanship, let's just say that we are having a nice chat? For the benefit of other people reading this, rather than for ourselves.
Anyway, for those who may not realise it:
Don't reject any characters in passwords.
Don't put a (needless) upper limit on the length of passwords.
Do hash your passwords before storing.
Do salt your hashes.
Do store the salted hashes in the DB.
Do ensure that your DB can store any value created by your hash function.
Do compare hashes when authenticating.
Whatever else I have forgotten.