Posted on 2009-05-06
I have a PB app where user enters userid/password. IT calls an oracle server function that returns 1 if userid/password is good and 0 if it is not . PB then letst he user in or blocks it.
Does this mean that PB is sending the passowrd in text form or hashed to the server over the network. passwords in DB are hashed. The server procedure has the hashing function that compares the hashed DB password to the hashed text entered.
2. if it getting transmitted in text how we get it to send hashed or encrypted. We still want to keep authentication done by this server function.