Reply to Re: How to store and retrieve encrypted password? — All PHP

Posted by Justin Koivisto on 02/01/06 17:07

Mike wrote:
> Thats all good but how would you send the password back to the user if
> they forget it. E.G. "Enter your email address and we will email you
> your password" You can't as MD5 is only one way.
>
> You can do it with encrypt() but if someone has the knowledge to access
> your database I'm pretty sure they would know how to decrypt the
> password.
>
> Other than sending the user a new password and getting them to change
> it I don't think you can.

No, you can't. You generate a new password with a link. They click the
link, enter the new password, then are prompted to change it (to
something they will remember). Storing a recoverable password anywhere
is just plain crazy. ;)

--
Justin Koivisto, ZCE - justin@koivi.com
http://koivi.com

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация