|
Posted by Justin Koivisto on 02/01/06 17:07
Mike wrote:
> Thats all good but how would you send the password back to the user if
> they forget it. E.G. "Enter your email address and we will email you
> your password" You can't as MD5 is only one way.
>
> You can do it with encrypt() but if someone has the knowledge to access
> your database I'm pretty sure they would know how to decrypt the
> password.
>
> Other than sending the user a new password and getting them to change
> it I don't think you can.
No, you can't. You generate a new password with a link. They click the
link, enter the new password, then are prompted to change it (to
something they will remember). Storing a recoverable password anywhere
is just plain crazy. ;)
--
Justin Koivisto, ZCE - justin@koivi.com
http://koivi.com
Navigation:
[Reply to this message]
|