Hello, I know there are thousands of "hash", "password", "encryption", "login" and so on questions and I can't say this one is different but I really need help.
I'm developing a web application using Rational Application Developer, Worklight [for mobile] and DB2. Users can use "remember me" for passwords, but what is the best way to store user passwords? Not in user tables, right? Also, users can change their passwords, so can anyone help me get started? Thanks in advance...
You can save the data to a table using the data type VARCHAR FOR BIT DATA. Don't give users direct access rights to the table; use a stored procedure for password validation. (I only have exposure as a production support DBA, so regarding procedures a DB2 application DBA can help you more.)
For the remember me option:
You can achieve it on the application layer: save the password of the remember-me user in encrypted format. But if you don't want to save the data on the local computer, then
create a table (e.g. x) which will have user name, IP address and a check field. If a user uses the remember me option, then after validating the password (from the main user ID/password table) it will save data in that table x.
On the application layer, use code such that when a user inputs a user ID it automatically runs the query on the backend and validates things against table x.
If a user changes his password, the check field will be 'x', and in this situation if any hit comes it will go to the main password table to validate the password, and the user will receive the response "password changed".
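
The table x flow from the answer above, as an added example that is not part of the original thread. SQLite in Python stands in for DB2 and the stored procedure; the names `users`, `chk`, `derive`, `set_password`, `check_password` and `login`, the return strings, and the choice to store a salted PBKDF2 hash in the binary column are assumptions made for the example.

```python
import hashlib
import hmac
import os
import sqlite3

def open_db():
    db = sqlite3.connect(":memory:")
    # BLOB columns stand in for DB2's VARCHAR FOR BIT DATA.
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    # Table x from the answer: user name, IP address and a check field.
    db.execute("CREATE TABLE x (name TEXT, ip TEXT, chk TEXT, PRIMARY KEY (name, ip))")
    return db

def derive(password, salt):
    # Assumption: a salted PBKDF2-HMAC-SHA256 value is stored, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def set_password(db, name, password):
    salt = os.urandom(16)
    db.execute("INSERT OR REPLACE INTO users VALUES (?, ?, ?)",
               (name, salt, derive(password, salt)))
    # A password change sets the check field to 'x' on every remembered row.
    db.execute("UPDATE x SET chk = 'x' WHERE name = ?", (name,))

def check_password(db, name, password):
    row = db.execute("SELECT salt, pw FROM users WHERE name = ?", (name,)).fetchone()
    return row is not None and hmac.compare_digest(row[1], derive(password, row[0]))

def login(db, name, ip, password=None, remember=False):
    if password is None:
        # No password supplied: consult table x for this user name and IP address.
        row = db.execute("SELECT chk FROM x WHERE name = ? AND ip = ?",
                         (name, ip)).fetchone()
        if row is None:
            return "password required"
        return "password changed" if row[0] == "x" else "ok (remembered)"
    # Password supplied: validate against the main password table.
    if not check_password(db, name, password):
        return "denied"
    if remember:
        # The row is written (or its check field reset) only after validation.
        db.execute("INSERT OR REPLACE INTO x VALUES (?, ?, '')", (name, ip))
    return "ok"
```

As in the answer, a row in x admits any client arriving from that IP address under that user name without a password, so the remembered addresses are worth logging and reviewing.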