Hi

PASSWORD() is not reversible, but ENCRYPT() might be worth a look. Are you
sure you want unencrypted passwords on view? If you have a security breach,
which can include a sacked or unhappy sys admin, who wants to hit back, then
you could have a very uncomfortable situation!

Better to go with Seth's idea and send them a fresh password, unless there
is a very good reason not to.

Just my 2p worth :)

HTH

Peter

-----------------------------------------------
Excellence in internet and open source software
-----------------------------------------------
Sunmaia
www.sunmaia.net
[EMAIL PROTECTED]
tel. 0121-242-1473
-----------------------------------------------

> -----Original Message-----
> From: Seth Yount [mailto:[EMAIL PROTECTED]]
> Sent: 22 June 2002 22:12
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] Re: password()... is it possible?
>
>
>       I am not sure of the decrypting procedure for password(),
> but if your
> admin needs to view the passwords for the purpose of changing or
> notifying forgotten passwords to the custormer you could use this
> approach:
>
>       Generate a random password (numbers and letters) that is
> emailed to the
> user.  The user then logs on with their USERNAME and the new password.
> Of course, the user then should be influenced to change the generated
> password to something of their choice.
>
>       This works well in that you can increase your security by
> letting the
> user know that 'nobody' will know their password, thus limiting access
> to the users account/session to them alone.
>
>       If this isn't the case that you are dealing with, then I am
> just babbling
> away... hope it helps ;)
>
>
> CÚsar aracena wrote:
>
> > Hi all,
> >
> > I need the administrators of one site to actually see the user's
> > passwords. I like using password() for encrypting but doesn't know if it
> > can be retrieved in common English.
> >
> > Thanks,
> >
> > Cesar Aracena <mailto:[EMAIL PROTECTED]>
> > CE / MCSE+I
> > Neuquen, Argentina
> > +54.299.6356688
> > +54.299.4466621
> >
> >
> >
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to