[prog] web authentication

[Mary]

On Thu, Nov 10, 2005, Mary wrote:
> I think using hashes or encryption is good practice for web developers
> if nothing else so that if they end up with a powerful client who
> insists on security certification, the tweaking needed is minor rather
> than major.

And don't forget that in some cases you're vulnerable to in-house
attempts to get the data (maybe your call centre support person wants to
steal CC numbers you store). This requires a whole new set of lock-down
procedures.

-Mary