Both of you are probably right. It's just that I couldn't convince my
client that sending new random passwords is better and more secure, but
I guess it's the right thing to do.

Thanks for the help,

C.

> -----Original Message-----
> From: Peter Lovatt [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, June 22, 2002 6:23 PM
> To: Seth Yount; [EMAIL PROTECTED]
> Subject: RE: [PHP-DB] Re: password()... is it possible?
> 
> Hi
> 
> PASSWORD() is not reversible, but ENCRYPT() might be worth a look. Are you
> sure you want unencrypted passwords on view? If you have a security breach,
> which can include a sacked or unhappy sys admin, who wants to hit back, then
> you could have a very uncomfortable situation!
> 
> Better to go with Seth's idea and send them a fresh password, unless there
> is a very good reason not to.
> 
> Just my 2p worth :)
> 
> HTH
> 
> Peter
> 
> -----------------------------------------------
> Excellence in internet and open source software
> -----------------------------------------------
> Sunmaia
> www.sunmaia.net
> [EMAIL PROTECTED]
> tel. 0121-242-1473
> -----------------------------------------------
> 
> > -----Original Message-----
> > From: Seth Yount [mailto:[EMAIL PROTECTED]]
> > Sent: 22 June 2002 22:12
> > To: [EMAIL PROTECTED]
> > Subject: [PHP-DB] Re: password()... is it possible?
> >
> >
> >     I am not sure of the decrypting procedure for password(), but if your
> > admin needs to view the passwords for the purpose of changing or
> > notifying forgotten passwords to the customer you could use this
> > approach:
> >
> >     Generate a random password (numbers and letters) that is emailed to the
> > user.  The user then logs on with their USERNAME and the new password.
> > Of course, the user then should be influenced to change the generated
> > password to something of their choice.
> >
> >     This works well in that you can increase your security by letting the
> > user know that 'nobody' will know their password, thus limiting access
> > to the user's account/session to them alone.
> >
> >     If this isn't the case that you are dealing with, then I am just babbling
> > away... hope it helps ;)
> >
> >
> > César Aracena wrote:
> >
> > > Hi all,
> > >
> > > I need the administrators of one site to actually see the user's
> > > passwords. I like using password() for encrypting but don't know if it
> > > can be retrieved in common English.
> > >
> > > Thanks,
> > >
> > > Cesar Aracena <mailto:[EMAIL PROTECTED]>
> > > CE / MCSE+I
> > > Neuquen, Argentina
> > > +54.299.6356688
> > > +54.299.4466621
> > >
> > >
> > >
> >
> >
> > --
> > PHP Database Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> 
> 


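The approach Seth describes in the thread (a random password emailed to the user, then changed at next login), as an added example that is not code from any of the posters: only a hash of the temporary password is stored, so administrators never see it. The `users` table, its column names, the function names and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);

// Letters and digits without look-alikes (0/O, 1/l/I) so the emailed value is easy to retype.
const ALPHABET = 'abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

function generateTempPassword(int $length = 14): string
{
    $out = '';
    $max = strlen(ALPHABET) - 1;
    for ($i = 0; $i < $length; $i++) {
        $out .= ALPHABET[random_int(0, $max)]; // CSPRNG, unlike rand()/mt_rand()
    }
    return $out;
}

// Stores only a salted hash and flags the account; returns the plaintext once, for the email.
function resetPassword(PDO $db, string $username): ?string
{
    $temp = generateTempPassword();
    $stmt = $db->prepare('UPDATE users SET pw_hash = :h, must_change = 1 WHERE username = :u');
    $stmt->execute([':h' => password_hash($temp, PASSWORD_DEFAULT), ':u' => $username]);
    return $stmt->rowCount() === 1 ? $temp : null; // null: no such user
}

// Returns 'denied', 'change_required' (temporary password accepted) or 'ok'.
function login(PDO $db, string $username, string $password): string
{
    $stmt = $db->prepare('SELECT pw_hash, must_change FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return 'denied';
    }
    return (int)$row['must_change'] === 1 ? 'change_required' : 'ok';
}

// Constructed demo data: hypothetical schema and user, nothing from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, must_change INTEGER)');
$db->exec("INSERT INTO users VALUES ('cesar_demo', '', 0)");

$temp = resetPassword($db, 'cesar_demo'); // this value goes into the email and nowhere else
echo login($db, 'cesar_demo', $temp), "\n";
echo login($db, 'cesar_demo', 'wrong-guess'), "\n";
```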