homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Gold Sponsor 2015!
Home / Forums Index / Code, Content, and Presentation / Databases
Forum Library, Charter, Moderator: open

Databases Forum

Database table disassociation security - lost password questions
JAB Creations

WebmasterWorld Senior Member jab_creations us a WebmasterWorld Top Contributor of All Time 10+ Year Member

Msg#: 4221824 posted 8:48 pm on Oct 25, 2010 (gmt 0)

I've begun working with somewhat sensitive information being stored in a database and I've figured out that I can use generate a hash for table association on data the user provides (such as their password).

The problem I'm not entirely certain how to deal with is dealing with users who have lost their password. One solution I read was to create a user/hash association elsewhere besides the database. I can think of a couple places such as having it stored in a flat file though that would still be on the server. I could also have an email account created and have the password and user id automatically sent to that email address which could be on a different server.

Thoughts please?

- John



WebmasterWorld Senior Member 10+ Year Member

Msg#: 4221824 posted 9:21 pm on Oct 26, 2010 (gmt 0)

If they lose their password, just give them a screen to enter their email address, then generate and send them a new one. Then give them the opportunity to change it to something friendlier once they've logged back in.

No point storing hashed passwords if you're going to have to put a key under a doormat somewhere.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / Databases
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved