Reply to Re: How to store and retrieve encrypted password?

Your name:

Reply:


Posted by Justin Koivisto on 02/01/06 17:07

Mike wrote:
> Thats all good but how would you send the password back to the user if
> they forget it. E.G. "Enter your email address and we will email you
> your password" You can't as MD5 is only one way.
>
> You can do it with encrypt() but if someone has the knowledge to access
> your database I'm pretty sure they would know how to decrypt the
> password.
>
> Other than sending the user a new password and getting them to change
> it I don't think you can.

No, you can't. You generate a new password with a link. They click the
link, enter the new password, then are prompted to change it (to
something they will remember). Storing a recoverable password anywhere
is just plain crazy. ;)

--
Justin Koivisto, ZCE - justin@koivi.com
http://koivi.com

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация