I would guess the passwords are stored in plain text... on a dedicated
machine, this is only as much of a risk as the machine's security in
general is... still more of a risk than I'd take with data that needs to be
secure...
As someone mentioned earlier, if you want to provide for a user who might
lose his password, I recommend that you simply force him to choose another.
--Toby
----- Original Message -----
From: "Maxim Maletsky" <[EMAIL PROTECTED]>
To: "'Josh G'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, January 15, 2001 9:17 PM
Subject: RE: [PHP] password() ::: and it's return...
> No, simply when someone loses it's password. How do developers return it
on
> their systems? What are the procedures, tips todo, tricks etc....
>
> This is because I am working on a similar system right now, and the
> "password return" part is the one I am not too sure yet. Plus many of us
> would learn something new.
>
> Maxim Maletsky
>
> -----Original Message-----
> From: Josh G [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 16, 2001 11:07 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] password() ::: and it's return...
>
>
> I'm not sure I understand the question. What exactly do you mean? Are
> you talking about returning it from the client already encrypted? Not
sure
> if anybody does that, as JS doesn't have a whole lot of useful encryption
> stuff in it, and iirc the md5() algorith is rather lengthy.
>
> Gfunk - http://www.gfunk007.com/
>
> I sense much beer in you. Beer leads to intoxication, intoxication to
> hangovers, and hangovers to... suffering.
>
>
> ----- Original Message -----
> From: "Maxim Maletsky" <[EMAIL PROTECTED]>
> To: "'Chris Lee'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Tuesday, January 16, 2001 1:01 PM
> Subject: RE: [PHP] password() ::: and it's return...
>
>
> >
> > Instead I am curious how other developers on this list are returning
the
> > MD5, password() or whatever in permanently encrypted passwords...
> >
> > What are procedures and what is the way the return process work?
> > Any tricks/tips to share with all of us?
> >
> > Cheers,
> > Maxim Maletsky
> >
> >
> >
> > -----Original Message-----
> > From: Chris Lee [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, January 16, 2001 10:53 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [PHP] password()
> >
> >
> > simple answer is no. the only way to decrypt the passwd is to run it
> through
> > a cracker. All admins are used to this and know that if a user has lost
a
> > passwd that they are going to have to give them a new one, finding the
old
> > just isnt work one week of processing time :)
> >
> > Im curious to see how other php developers store their passwd's
> > -plain text in db
> > -use of unix password()
> > -use of db password()
> > -other ?
> >
> > Chris Lee
> > Mediawaveonline.com
> >
> >
> > ""Jason Jacobs"" <[EMAIL PROTECTED]> wrote in message
> > 011501c07f3f$c415bcc0$5800a8c0@doc">news:011501c07f3f$c415bcc0$5800a8c0@doc...
> > > Hi. I use password() to excrypt my passwords when I'm adding users
to
> my
> > > mysql database. I'm wondering if there's a function to use to
> un-encrypt
> > it
> > > (for a web interface to change the password, and so the admin who is
> > editing
> > > user info can see what it is). Thanks for any help.
> > >
> > > Jason
> > >
> > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > To contact the list administrators, e-mail:
[EMAIL PROTECTED]
> > >
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail:
[EMAIL PROTECTED]
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail:
[EMAIL PROTECTED]
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
