On Mon, February 19, 2007 5:12 am, Fergus Gibson wrote:
>> 4) if user forget his or her password, you can send email to the
>> user when
>> the user answer password protected question.
>
> Kinda impossible if the password is hashed, isn't it? What a strange
> thought, though. I guess all those sites with password reminder
> functions have the password stored in plain text somewhere.

Yes.

And email is an inherently insecure medium, unless you have exchanged off-line key pairs or something and the user has the skill to install crypted email software packages.

Even the sites that generate a new random password to email to you risk the email being inspected in transit, even if the password in the db is not plain text anywhere at all.

You need at least 3 passwords to surf the web, really.

#1. Real password for, like, online banking, where you're pretty sure they have security "right" (well, the odds are good anyway)

#2. Second level real password for, like, personal info sites, or "important" private data.

#3. Useless throw-away password for stupid sites you don't really care about that require a password.

You might even want a #1a for online shopping where you would HOPE the online store did it right, but don't want to risk the password that unlocks your bank account, just in case they are one of the ones that got it very very very wrong.

Something like eBay or Amazon or PayPal, if you use them frequently, might warrant yet another good password.

Now if I could just remember which EMAIL or USERNAME I used for each site, I'd be all set... :-(

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
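The point raised in the thread (a hashed password cannot be "reminded", and an emailed replacement password is exposed in transit) is usually answered with a one-time, short-lived reset token instead of a password. The following is an added illustration, not code from the list or from any poster, written in Python rather than PHP since the idea is language-neutral; the in-memory dictionaries and the `TOKEN_TTL_SECONDS` value are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed in-memory stand-ins for a user table and a reset-token table.
USERS = {}         # username -> {"salt": bytes, "pw_hash": bytes}
RESET_TOKENS = {}  # sha256(token) -> {"user": str, "expires": float}

TOKEN_TTL_SECONDS = 15 * 60  # a reset link intercepted in transit is only useful briefly

def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2: the plaintext is never stored, so there is nothing to "remind".
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(username: str, password: str) -> None:
    salt = secrets.token_bytes(16)
    USERS[username] = {"salt": salt, "pw_hash": _hash_password(password, salt)}

def verify_login(username: str, password: str) -> bool:
    rec = USERS.get(username)
    if rec is None:
        return False
    return hmac.compare_digest(rec["pw_hash"], _hash_password(password, rec["salt"]))

def start_reset(username: str, now: Optional[float] = None) -> Optional[str]:
    # Returns the token to place in the emailed link, or None for an unknown user.
    # The caller should show the same "if that account exists, mail was sent" text
    # either way. Only the token's hash is stored, so a db leak yields no usable links.
    if username not in USERS:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = {"user": username, "expires": now + TOKEN_TTL_SECONDS}
    return token

def finish_reset(token: str, new_password: str, now: Optional[float] = None) -> bool:
    # Single use: the entry is removed whether or not it turns out to be valid.
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)
    if entry is None or entry["expires"] < now:
        return False
    register(entry["user"], new_password)  # re-hash with a fresh salt
    return True
```

The emailed link carries no password at all, and an attacker who reads the mail after the window closes or after the user has used it gets nothing.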