> Is it really necessary to store passwords encrypted in a mySQL DB for a
> membership site if you're not storing sensitive info such as credit card
> numbers? How much security does that offer, really, and for whom?

The most important reason in my humble opinion is that users may use the same password for several sites and therefore he or she can feel safe that his password isn't abused, even if a hacker grabs the database. For passwords under 128 chars, md5() is a pretty good solution.

> The reason I ask is because I'm trying to implement a "forgot password"
> feature on a membership site. But if I store passwords encrypted, I can't
> just send the password to their e-mail address, I have to generate a new one
> before sending it, which essentially locks that member out of the site until
> they get their new password. This has the potential to be abused by a
> vindictive person. All they need to know is the member's username or e-mail
> address and they can keep re-generating new passwords (locking the member
> out of their own account) for a member to annoy them.
>
> If the password wasn't encrypted, I could just e-mail their existing
> password. The only annoyance then would be someone sending this password
> over and over to another user, but, at least they won't get 20 new passwords
> and be locked out of their account as a result.

This can be more or less resolved. It's almost impossible to fully protect your site from abuse, but you could for example implement something like max one new password per day. Another way could be to add an additional detail, like postal code or something which is easy for the user to determine but (probably) not for other people.

My $0.02

-Jome

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
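An added example, not code from this thread: one way in PHP to do what the reply suggests (keep only a hash in the database and hand out at most one regenerated password per day), using password_hash()/password_verify() in place of md5(). The users table columns, the PDO handle and the sample account are assumptions.

```php
<?php
// Added example, not from the post. Assumed schema: users(email, password_hash,
// last_reset) with last_reset a unix timestamp. password_hash()/password_verify()
// are used here instead of md5(): salted, slow, and checked with a constant-time compare.

// Store only the hash; the plaintext password never reaches the database.
function setPassword(PDO $db, string $email, string $plaintext): void {
    $hash = password_hash($plaintext, PASSWORD_DEFAULT);
    $db->prepare('UPDATE users SET password_hash = ? WHERE email = ?')
       ->execute([$hash, $email]);
}

// Login: verify the candidate against the stored hash.
function checkLogin(PDO $db, string $email, string $plaintext): bool {
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($plaintext, $hash);
}

// "Forgot password" with a hashed store: generate a fresh random password,
// save only its hash and return the plaintext once for the e-mail. To limit
// the lockout abuse raised in the thread, an account gets at most one new
// password per 24 hours; later requests are refused and change nothing.
function resetPassword(PDO $db, string $email, int $now): ?string {
    $stmt = $db->prepare('SELECT last_reset FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $last = $stmt->fetchColumn();
    if ($last === false || $now - (int)$last < 86400) {
        return null; // unknown account, or already regenerated within the last day
    }
    $newPassword = bin2hex(random_bytes(8)); // 16 hex chars from the CSPRNG
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);
    $db->prepare('UPDATE users SET password_hash = ?, last_reset = ? WHERE email = ?')
       ->execute([$hash, $now, $email]);
    return $newPassword;
}

// Demo against an in-memory SQLite table with one constructed account.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT, last_reset INTEGER DEFAULT 0)');
$db->exec("INSERT INTO users (email) VALUES ('alice@example.com')");
setPassword($db, 'alice@example.com', 'correct horse battery');
var_dump(checkLogin($db, 'alice@example.com', 'correct horse battery'));
var_dump(checkLogin($db, 'alice@example.com', 'wrong guess'));
$first  = resetPassword($db, 'alice@example.com', time());      // first request of the day
$second = resetPassword($db, 'alice@example.com', time() + 60); // second request within 24 hours
var_dump($first !== null && $second === null);
```

The throttle is per account, so a repeated request only refuses the regeneration rather than issuing yet another password; the legitimate owner still has the one password e-mailed by the first request.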