I was setting up a news site that is customized for the registered user. I wanted that user to have the ability to be able to click a button and have the password e-mailed to him. The password function that I used is password(password) through mysql. Do you know how I can get the encrypted string to translate to the password to be emailed?
-----Original Message----- From: @ Edwin [mailto:copperwalls@;hotmail.com] Sent: Tuesday, November 12, 2002 10:45 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Trying to e-mail password "John W. Holmes" <[EMAIL PROTECTED]> wrote: > ...[snip]... > And where do you plan on storing this 'secret code' that your dynamic > PHP script have to have access to in order to add users and send > forgotten email messages?? > > If you have something to protect, then you should have your own server > or get it with someone you can trust. If the hacker can see your mysql > data, they can see the source of your PHP scripts, and nothing is hidden > anymore. Unless you encode your PHP scripts ;) ...with Zend Encoder, perhaps? I agree. You really need to have your own server, within your own premises, (physically) accessible only by your own self if you're really thinking about making your scripts/db/site "secure". I am not against encoding/decoding passwords in the db. In fact, I'd even say that it's a good idea to encode names, tel nos., e-mail addresses, etc. But what beats me is this: This thread is about e-mailing passwords. If you're thinking about security why would you send your user's password? Beats me. (Unless of course you're using some kind of digital signature, etc. and encoding you're e-mails as well...) Just mho, - E -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
