> Is it really necessary to store passwords encrypted in a mySQL DB for a
> membership site if you're not storing sensitive info such as credit card
> numbers? How much security does that offer, really, and for whom?

The most important reason in my humble opinion is that users may use the
same password for several sites, and therefore he or she can feel safe that
their password isn't abused, even if a hacker grabs the database. For
passwords under 128 chars, md5() is a pretty good solution.

> The reason I ask is because I'm trying to implement a "forgot password"
> feature on a membership site. But if I store passwords encrypted, I can't
> just send the password to their e-mail address, I have to generate a new
> one before sending it, which essentially locks that member out of the site
> until they get their new password. This has the potential to be abused by a
> vindictive person. All they need to know is the member's username or
> address and they can keep re-generating new passwords (locking the member
> out of their own account) for a member to annoy them.
> If the password wasn't encrypted, I could just e-mail their existing
> password. The only annoyance then would be someone sending this password
> over and over to another user, but, at least they won't get 20 new
> passwords and be locked out of their account as a result.

This can be more or less resolved. It's almost impossible to fully
protect your site from abuse, but you could for example implement something
like max one new password per day. Another way could be to add an additional
detail, like a postal code or something which is easy for the user to determine
but (probably) not for other people.

My $0.02


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
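The two ideas in the reply above (hash what you store, and limit password resets to one per day plus an extra detail such as a postal code) as an added example that is not code from the original poster. It goes one step beyond the reply: instead of replacing the member's password the moment someone asks, it e-mails a one-time token and only changes the password when that token comes back, so a vindictive third party requesting resets cannot lock the member out. Storage uses PHP's built-in password_hash()/password_verify() (salted, slow bcrypt by default) rather than a bare md5(). The in-memory $members array, the constant names and the sample member "alice" are stand-ins for the MySQL table and are constructed for the example.

```php
<?php
declare(strict_types=1);

// Added example: hashed password storage plus a rate-limited, token-based
// "forgot password" flow. An in-memory array stands in for the MySQL table.

const RESET_LIMIT_SECONDS = 86400; // max one reset request per day (hypothetical value)
const TOKEN_TTL_SECONDS   = 3600;  // how long an e-mailed token stays valid (hypothetical value)

$members = []; // username => row, stand-in for the members table

function register(array &$members, string $username, string $password, string $postalCode): void
{
    // Only a salted, slow hash is stored; the plaintext never reaches the DB,
    // so a dumped table does not reveal passwords reused on other sites.
    $members[$username] = [
        'password_hash' => password_hash($password, PASSWORD_DEFAULT),
        'postal_code'   => $postalCode,
        'last_reset'    => 0,      // unix time of the last accepted reset request
        'reset_token'   => null,   // sha256 of the outstanding token, if any
        'token_expires' => 0,
    ];
}

function login(array $members, string $username, string $password): bool
{
    if (!isset($members[$username])) {
        return false;
    }
    return password_verify($password, $members[$username]['password_hash']);
}

// Start a reset. Returns the one-time token to e-mail, or null if refused.
// The existing password stays valid until the token is redeemed.
function requestReset(array &$members, string $username, string $postalCode, int $now): ?string
{
    if (!isset($members[$username])) {
        return null; // same answer as for any other refusal: don't reveal which accounts exist
    }
    $m = &$members[$username];
    if (!hash_equals($m['postal_code'], $postalCode)) {
        return null; // the extra detail a stranger (probably) doesn't know
    }
    if ($now - $m['last_reset'] < RESET_LIMIT_SECONDS) {
        return null; // rate limit: one request per day
    }
    $token = bin2hex(random_bytes(32));
    $m['reset_token']   = hash('sha256', $token); // store a hash, as with passwords
    $m['token_expires'] = $now + TOKEN_TTL_SECONDS;
    $m['last_reset']    = $now;
    return $token;
}

// Finish the reset: only whoever received the e-mailed token can set a new password.
function completeReset(array &$members, string $username, string $token, string $newPassword, int $now): bool
{
    if (!isset($members[$username])) {
        return false;
    }
    $m = &$members[$username];
    if ($m['reset_token'] === null || $now > $m['token_expires']) {
        return false; // no outstanding token, or it expired
    }
    if (!hash_equals($m['reset_token'], hash('sha256', $token))) {
        return false; // wrong token; constant-time compare
    }
    $m['password_hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    $m['reset_token']   = null; // single use
    $m['token_expires'] = 0;
    return true;
}

// Walk-through with constructed data.
register($members, 'alice', 'correct horse', '90210');
$t0 = 1700000000;

$token = requestReset($members, 'alice', '90210', $t0);
assert($token !== null);
assert(requestReset($members, 'alice', '90210', $t0 + 60) === null);     // second request same day: refused
assert(requestReset($members, 'alice', '00000', $t0 + 90000) === null);  // wrong postal code: refused
assert(login($members, 'alice', 'correct horse'));                       // old password still works meanwhile
assert(completeReset($members, 'alice', 'not-the-token', 'x', $t0 + 120) === false);
assert(completeReset($members, 'alice', $token, 'new password', $t0 + 120));
assert(!login($members, 'alice', 'correct horse'));
assert(login($members, 'alice', 'new password'));
echo "ok\n";
```

The rate limit and the postal-code check are the two measures the reply suggests; the token step is what removes the lock-out problem the question raises, since nothing about the account changes until the legitimate mailbox owner acts. Whether the account exists, whether the postal code matched and whether the limit was hit all produce the same null, so the reset form does not become a username oracle.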