I use MD5 hash available on http://www.cflib.org. When someone forgets a password, I email them a temporary password that must be changed immediately upon use. I also email them whenever anything on their profile, including password, is changed. When someone calls in, we do the same thing on their behalf. No one but the User ever sees their password.
Andy

-----Original Message-----
From: Mark Leder

Hi all,

I've been pondering the problem of password storage in a db and its retrievability, and was wondering what other people have done in the following situations:

1) What method(s) used for password encryption (salt and hash). What tag(s) do you use?

2) When someone forgets their password, how would an encrypted password be de-salted/de-hashed and displayed on a screen? (I would display the password when the user enters their email AND correctly responds to a challenge question - I never send passwords via email, as I have seen done on many ecommerce sites).

Thanks,
Mark
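
The two questions in this thread, worked through as an added example that is not part of the original messages: a stored hash is one-way, so a forgotten password is replaced by a temporary one that forces an immediate change rather than being displayed. It assumes Python instead of CFML and per-user salted PBKDF2-HMAC-SHA256 in place of the MD5 named in the reply; `Account`, `outbox` and every function name are hypothetical.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example; raise as far as login latency allows

def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is drawn for every new password."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    # Recompute with the stored salt and compare in constant time; nothing is ever "de-hashed".
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

class Account:  # hypothetical user record: only salt and digest are stored
    def __init__(self, email, password):
        self.email = email
        self.salt, self.digest = hash_password(password)
        self.must_change = False
        self.outbox = []  # stands in for the notification e-mails described in the reply

def issue_temporary_password(acct):
    """Forgotten password: overwrite the stored hash and flag the account for a forced change."""
    temp = secrets.token_urlsafe(12)
    acct.salt, acct.digest = hash_password(temp)
    acct.must_change = True
    acct.outbox.append("temporary password issued")
    return temp  # handed to the delivery channel, never written to the database in clear

def login(acct, password):
    if not verify(password, acct.salt, acct.digest):
        return "denied"
    return "change_required" if acct.must_change else "ok"

def change_password(acct, old, new):
    """Reject a wrong current password and reuse of the temporary one."""
    if not verify(old, acct.salt, acct.digest) or old == new:
        return False
    acct.salt, acct.digest = hash_password(new)
    acct.must_change = False
    acct.outbox.append("password changed")  # notify the user of the profile change
    return True
```
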

