You are here: Re: PHP, Md5, and password retreival forms.. « PHP Programming Language « IT news, forums, messages
Re: PHP, Md5, and password retreival forms..

Posted by shimmyshack on 03/29/07 16:06

On 29 Mar, 15:56, custom...@gmail.com wrote:
> I have designed a site that requires users to login. Me being new to
> php, I hired a guy to help me setup the database. He set it up and it
> works flawlessly. Well.. instead of helping me finish the project, he
> has pretty much dissapeared.
>
> Looking at the code, the passwords are stored using Md5 encryption in
> the database. I was able to get a password retrieval form working,
> but its sending the passwords encrypted.
>
> Can they be retrieved unencrypted via form?

if you mean, can you get the users to post their passwords from the
form so that you can see them, and still authenticate them, the answer
is yes (if you fiddle with the form) but you should leave it just as
it is!
The last reply (Arjen) was spot on, you shouldnt have to know what
your users passwords are, just reset them, that's all they need. The
way the form is set up _probably_ (we can't really tell cos you didn't
provide a URL) means that it is logging them in securely without SSL,
if you fiddle with this, you will be increasing the surface area of
attack for your site.

If you meant anything else, the answer is _probably_ no.

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация