On 01/04/2011 12:18, JoshuaLeMorris.com wrote:
> It would be better to design the system so the password is never saved raw in
> the system, only save hashed. Then if a user wants to recover the password,
> generate a temp and then have them set a new password. Then if you are salting
> your hashes you have a far more secure application. Just my humble opinion.

Yes, of course store the password encrypted. I think that is a given.
Though, if Steve was thinking about populating the pw field, then, yes,
I guess he was storing it as plain text. Yikes!
--
Info: http://framework.zend.com/archives
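
The scheme suggested in the quoted message (store only a salted hash, and handle recovery by issuing a temporary secret and having the user set a new password), sketched in PHP as an added example that is not code from this thread or from Zend Framework. The `$users` array stands in for a database table, and the function names, field names and 15-minute expiry are assumptions.

```php
<?php
// Added example: all names and the in-memory $users "table" are hypothetical.

function register_user(array &$users, string $name, string $password): void
{
    // password_hash() generates a random per-user salt and embeds it in its output,
    // so the raw password is never stored.
    $users[$name] = [
        'pw_hash'       => password_hash($password, PASSWORD_DEFAULT),
        'reset_hash'    => null,
        'reset_expires' => 0,
    ];
}

function check_login(array $users, string $name, string $password): bool
{
    return isset($users[$name]) && password_verify($password, $users[$name]['pw_hash']);
}

function start_reset(array &$users, string $name, int $now): ?string
{
    if (!isset($users[$name])) {
        return null;
    }
    $token = bin2hex(random_bytes(32));                       // temporary secret sent to the user
    $users[$name]['reset_hash']    = hash('sha256', $token);  // only its hash is stored
    $users[$name]['reset_expires'] = $now + 900;              // assumed 15-minute lifetime
    return $token;
}

function finish_reset(array &$users, string $name, string $token, string $newPassword, int $now): bool
{
    $u = $users[$name] ?? null;
    if ($u === null || $u['reset_hash'] === null || $now > $u['reset_expires']) {
        return false;                                         // unknown user, no reset pending, or expired
    }
    if (!hash_equals($u['reset_hash'], hash('sha256', $token))) {
        return false;                                         // constant-time comparison failed
    }
    $users[$name]['pw_hash']    = password_hash($newPassword, PASSWORD_DEFAULT);
    $users[$name]['reset_hash'] = null;                       // token is single-use
    return true;
}

// Constructed sample run: reset the password, then try the old and the new one.
$users = [];
register_user($users, 'steve', 'correct horse');
$token = start_reset($users, 'steve', time());
var_dump(finish_reset($users, 'steve', $token, 'new passphrase', time()));
var_dump(check_login($users, 'steve', 'correct horse'));
var_dump(check_login($users, 'steve', 'new passphrase'));
```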