James Colannino wrote:
If it matches the unencrypted version stored in the
database, you know you have the correct answer, and use it to decrypt
the user's password and send it to the email the user has setup for
their account.
All the good sites simply don't have that capability ...
Much safer rather than 'recovering' a password is to identify the user, and send
them a temporary password which they have to change when they log in. This way
nobody is allowed access existing passwords ;)
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php