Hacker News
by k0ban 5766 days ago
I agree, don't use the IP as a part of the token - it will require the user to re-authenticate very often.
And don't forget about the salt. Store the password as something like SHA-1(MD5(password)+password)
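An added example, not part of k0ban's comment: a Python sketch that computes the formula from the comment and, beside it, a stored record that uses a per-user random salt with PBKDF2 from the standard library, so the two stored values can be compared for users who pick the same password. The hex encoding of the MD5 step, the function names, the sample password and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def comment_scheme(password: str) -> str:
    """SHA-1(MD5(password)+password) as written in the comment.

    Assumption: the MD5 digest is used as lowercase hex and concatenated
    with the UTF-8 password before the SHA-1 step.
    """
    pw = password.encode("utf-8")
    inner = hashlib.md5(pw).hexdigest().encode("ascii")
    return hashlib.sha1(inner + pw).hexdigest()


def store_with_random_salt(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest); the salt is random per user and stored with the digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    shared = "correct horse battery"  # constructed sample password
    # Two users with the same password under the comment's formula:
    # the only extra input is derived from the password, so the values match.
    print(comment_scheme(shared) == comment_scheme(shared))
    # The same two users with a random salt each: the stored values differ.
    salt_a, digest_a = store_with_random_salt(shared)
    salt_b, digest_b = store_with_random_salt(shared)
    print(digest_a == digest_b)
    print(verify(shared, salt_a, digest_a), verify("wrong guess", salt_a, digest_a))
```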