why are passwords stored encrypted in databases even when the data they protect is stored in the same database?

Hi,

As far as I remember, in all books I read about PHP and SQL, the
password was stored in an encrypted form, even when all the data which
should be protected by the password was stored in the same database.

Can anybody tell me what is the motivation behind this approach?
If somebody hacks the database, he has the data anyway; if he doesn't,
he can't retrieve the password, encrypted or not.

I am asking because I would like to implement a simple file server.
A user would upload his files and get them listed on his user page.  If
he wants to allow some other person to download the file, he pushes a
button beside the file entry in the listing and a page opens where he
can enter the email of the other person.  An email is sent with the link
where the file can be found and a password included...

The person who asked me to write this file server wants everybody to
receive the same link together with the same password for the same file.
In order to implement this approach, the password has to be stored
somewhere...

I thought about storing the password as it is in the database - but
somehow wonder why this never was done in any of the books I read...

By the way: in most cases, when pushing the "I forgot my password"
button, an email with a user name and a link to activate the password is
generated.  Anybody who gets into the possession of the email could
access the data...  Should I rather send two emails, one with the link,
one with the new password?

Thanks for your help :)

Dietrich



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

