i would not worry about encrypting the emails either. there is a good reason why almost nobody does this :)
a possible alternative may be: - you automatically generate a password and make it time-limited, i.e. it expires within 2 hours; - you email your user the generated password with instructions on how to change it and warning about the time limit; - you hash the generated password and store only the hash in your db; - the user must log in with automatically generated password within the time limit and change the password - you hash and store the new password in the db; the user must still trust you not to 'snoop' on what they type into the password form fields, but with the hash being a one-way encryption at least the user can know that nobody else can see their password even if they can access the database... what do you think of that? Azadi Saryev Sabai-dee.com http://www.sabai-dee.com/ Richard White wrote: > Hi, > > we have a page where we add new users to our software. before it adds them to > the database it generates a random password for them, then we want it to send > them that password via an encrypted email. > > is this is the best way to do it, and if so then can you tell us how to > encrypt an email please. i can send an email fine but encrypting it is a > different story. > > we have to generate them a random password, as we generate the accounts > whilst the new users are not with us, and by emailing it to them it ensures > that we don't see their password. > > appreciate your thoughts and advice > > thanks > > richard > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:300274 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
