Daniel Hardaker writes:

>> Is it possible to get vpopmail/vchkpw (with mysql support) to store
>> passwords in clear text? The reason why I am asking this is I would like a
>> "password retrieval feature" using a hint question (like in hotmail), using
>> a php script I wrote (cracking the hashes would be silly).
>> :P

Daniel wrote:

> Hmm... I'm sure it is, but it's extremely unsafe, especially using
> MySQL...

Why would it be extremely unsafe if I am the only local user on that box? No
one else has local access to the server and I limit access to the mysql
server only from localhost. Besides, all the users and passwords in the
mysql database are virtual (thanks to vpopmail).

> surely it would be much better to have the hint question and then
> get your script to reset the password and allow the user to change it to
> whatever they like?  Just my opinion.. :)

Now, your suggestion is very good, except for the fact that "changing it"
is not so easy because, as far as I know, the mysql encryption functions are
not compatible with unix crypt functions, so I guess I cannot do it from php
if the password has to be checked against a hash.
Also discussed earlier on the list:
http://www.mail-archive.com/vchkpw@inter7.com/msg01882.html

Am I correct? Let me know! 

Tamer 
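
Added example, not part of the original message and not vpopmail's own code: the hint-question reset flow discussed above, written in PHP so that no cleartext password is ever stored. It assumes vchkpw checks the pw_passwd value with the system crypt(3); the function names, the hashed hint answer and the sample values are constructed for illustration.

```php
<?php
// Assumption: vchkpw verifies pw_passwd with the system crypt(3), so a hash
// produced by PHP's crypt() can be written to that column unchanged.

// Build a crypt(3) salt string. '$1$' selects MD5-crypt; pass '$6$' (SHA-512)
// where the mail host's libc supports it.
function make_salt(string $scheme = '$1$', int $len = 8): string
{
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = '';
    for ($i = 0; $i < $len; $i++) {
        $salt .= $alphabet[random_int(0, 63)];
    }
    return $scheme . $salt . '$';
}

// Constant-time check of a candidate against a stored crypt(3) hash.
// Passing the stored hash as the salt reuses its scheme and salt.
function crypt_verify(string $candidate, string $stored): bool
{
    return hash_equals($stored, crypt($candidate, $stored));
}

// Hint answers are compared case-insensitively, ignoring outer whitespace.
function normalize_answer(string $answer): string
{
    return strtolower(trim($answer));
}

// Reset flow: verify the hint answer, then issue a one-time password.
// Returns [temporary password, hash for pw_passwd], or null on a wrong answer.
function reset_password(string $answer, string $answerHash): ?array
{
    if (!crypt_verify(normalize_answer($answer), $answerHash)) {
        return null;
    }
    $temp = bin2hex(random_bytes(8)); // 16 hex chars, shown to the user once
    return [$temp, crypt($temp, make_salt())];
}

// Constructed sample data: the hint answer is stored hashed, like the password.
$answerHash = crypt(normalize_answer('Rex'), make_salt());

var_dump(reset_password('wrong', $answerHash));
[$temp, $hash] = reset_password('  rex ', $answerHash);
var_dump(crypt_verify($temp, $hash));
```

The second element returned by reset_password() is the value an UPDATE would write to the user's pw_passwd column; the user then logs in with the temporary password and changes it.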
