Question about authentication script

if I crypt() pwds, they're not retrievable, right?

         

louponne

5:05 pm on Nov 15, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm building my first authentication script. I have it working (yippee:) but think it's probably better to crypt() the passwords before sending them to mysql. But then it occurs to me that if I do that, there's no way for the admin to see them, nor to e-mail them to a forgetful user, right?

Is there any way around that?

jatar_k

6:25 pm on Nov 15, 2003 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



In our system we use md5 on the passwords and then dump them into Oracle. You're right, there is no way for me to see or tell someone their password. This adds to the security of the system. There is no possible way for anyone to log into their account unless they tell someone the password.

We have a forgot password function that gens a new password, emails it to them, and allows them to log in, but they are forced to change the temp one right when they log in next.

Then I also don't have to worry about every person who forgets their password; it becomes automated.
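
The flow described in the reply above (store only a hash, generate a temporary password on request, force a change at the next login), as an added example that is not part of the original thread. It uses PHP's password_hash() and password_verify() rather than the md5 mentioned in the post; the in-memory $users array, the user name and the function names are constructed for illustration.

```php
<?php
// Constructed sample data: an in-memory array stands in for the users table.
$users = [
    'louise' => ['hash' => password_hash('original-secret', PASSWORD_DEFAULT), 'must_change' => false],
];

// Forgot password: generate a random temporary password, store only its hash,
// and flag the account so the next login forces a change.
function issue_temp_password(array &$users, string $name): ?string
{
    if (!isset($users[$name])) {
        return null; // caller shows the same "check your e-mail" message either way
    }
    $temp = bin2hex(random_bytes(8)); // 16 hex characters from the CSPRNG
    $users[$name]['hash'] = password_hash($temp, PASSWORD_DEFAULT);
    $users[$name]['must_change'] = true;
    return $temp; // e-mailed to the user, never stored in clear text
}

// Login: returns 'denied', 'change_required' or 'ok'.
function login(array $users, string $name, string $password): string
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name]['hash'])) {
        return 'denied';
    }
    return $users[$name]['must_change'] ? 'change_required' : 'ok';
}

// Forced change: requires the current (temporary) password and a different new one.
function change_password(array &$users, string $name, string $old, string $new): bool
{
    if (login($users, $name, $old) === 'denied' || $new === $old) {
        return false;
    }
    $users[$name]['hash'] = password_hash($new, PASSWORD_DEFAULT);
    $users[$name]['must_change'] = false;
    return true;
}

// Walk through the reset: the old password stops working, the temporary one
// only gets the user as far as the change form, the new one logs in normally.
$temp = issue_temp_password($users, 'louise');
echo login($users, 'louise', 'original-secret'), "\n";
echo login($users, 'louise', $temp), "\n";
echo change_password($users, 'louise', $temp, 'new-passphrase') ? "changed\n" : "rejected\n";
echo login($users, 'louise', 'new-passphrase'), "\n";
```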

louponne

7:18 am on Nov 17, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes, I guess generating a new password automatically is the way to go in this case! Thanks for your help!