Re: Passwords in MySQL for a PHP site

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dylan Barber wrote:
I am building a security script and am wondering what should I do to enable
a user to recover his/her password if they forget it.  I currently use
PASSWORD() when inserting the password into the database so I don't know how
to send them a unhashed string.

Can someone direct me to an example or give me a few ideas!

Quote from MySQL manual: "Note: The PASSWORD() function is used by the authentication system in MySQL Server, you should not use it in your own applications. For that purpose, use MD5() or SHA1() instead. Also see RFC 2195 for more information about handling passwords and authentication securely in your application."


Your application should reset the password to some random value for the user rather than giving them their original back and force them to change it the next time they log on.

--

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux