Re: (Kinda sorta) PHP related: recovering lost passwords

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



James Colannino wrote:
If it matches the unencrypted version stored in the
database, you know you have the correct answer, and use it to decrypt
the user's password and send it to the email the user has setup for
their account.

All the good sites simply don't have that capability ...
Much safer rather than 'recovering' a password is to identify the user, and send them a temporary password which they have to change when they log in. This way nobody is allowed access existing passwords ;)

--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux