Both of you are probable right. It's just that I couldn't convince my client that sending new random passwords is better and more secure, but I guess it's the right thing to do.
Thanks for the help, C. > -----Original Message----- > From: Peter Lovatt [mailto:[EMAIL PROTECTED]] > Sent: Saturday, June 22, 2002 6:23 PM > To: Seth Yount; [EMAIL PROTECTED] > Subject: RE: [PHP-DB] Re: password()... is it possible? > > Hi > > PASSWORD() is not reversible, but ENCRYPT() might be worth a look. Are you > sure you want unencrypted passwords on view? If you have a security > breach, > which can include a sacked or unhappy sys admin, who wants to hit back, > then > you could have a very uncomfortable situation! > > Better to go with Seth's idea and send them a fresh password, unless there > is a very good reason not to. > > Just my 2p worth :) > > HTH > > Peter > > ----------------------------------------------- > Excellence in internet and open source software > ----------------------------------------------- > Sunmaia > www.sunmaia.net > [EMAIL PROTECTED] > tel. 0121-242-1473 > ----------------------------------------------- > > > -----Original Message----- > > From: Seth Yount [mailto:[EMAIL PROTECTED]] > > Sent: 22 June 2002 22:12 > > To: [EMAIL PROTECTED] > > Subject: [PHP-DB] Re: password()... is it possible? > > > > > > I am not sure of the decrypting procedure for password(), > > but if your > > admin needs to view the passwords for the purpose of changing or > > notifying forgotten passwords to the custormer you could use this > > approach: > > > > Generate a random password (numbers and letters) that is > > emailed to the > > user. The user then logs on with their USERNAME and the new password. > > Of course, the user then should be influenced to change the generated > > password to something of their choice. > > > > This works well in that you can increase your security by > > letting the > > user know that 'nobody' will know their password, thus limiting access > > to the users account/session to them alone. > > > > If this isn't the case that you are dealing with, then I am > > just babbling > > away... hope it helps ;) > > > > > > César aracena wrote: > > > > > Hi all, > > > > > > I need the administrators of one site to actually see the user's > > > passwords. I like using password() for encrypting but doesn't know if > it > > > can be retrieved in common English. > > > > > > Thanks, > > > > > > Cesar Aracena <mailto:[EMAIL PROTECTED]> > > > CE / MCSE+I > > > Neuquen, Argentina > > > +54.299.6356688 > > > +54.299.4466621 > > > > > > > > > > > > > > > -- > > PHP Database Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
