Well, you can scratch any of those options that involve sending the user the
password in plain text... you don't know it.

In CF4em, I've stored all passwords as hashes as well and the only option is
to reset the password. The steps I take to do so are these...

Each user record has a 'resetPasswordKey' field. When a user forgets their
password, they enter their email address, the system finds the record,
generates a key with createUUID() and sets that to the 'resetPasswordKey'
field and emails a link to the password reset form with the key appended to
the URL.

Once you get to the form, it matches the record again but this time by the
resetPasswordKey. If it finds the record, the form asks for the new
password, hashes it and updates the database with the new password hash and
sets the resetPasswordKey field to NULL again.

You can download CF4em at http://cf4em.com if you want to see the actual
code.

..:.:.:.:.:.:.:.:.:.:.:.:.
Bobby Hartsfield
http://acoderslife.com
http://cf4em.com



-----Original Message-----
From: Jim McAtee [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 15, 2008 6:02 PM
To: CF-Talk
Subject: Password recovery strategies

I'm exploring some of the ways that we can implement password recovery. 
Passwords are stored as hashed values in a database.

Some systems I've used will immediately reset the password, some send a 
message that when a link is followed resets the password.  Some send the 
new password out in plaintext, some require changing that password 
immediately, some let you use the randomly generated password 
indefinitely.

Ideas, pros and cons of different approaches? 
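
The reset-key flow described in the reply above, as an added Python sketch that is not CF4em's code or part of the original thread. The `users` table layout, the one-hour expiry, storing only a SHA-256 digest of the key, PBKDF2 password hashing, and `secrets.token_urlsafe` standing in for `createUUID()` are assumptions made for this example.

```python
import hashlib, hmac, secrets, sqlite3, time

KEY_TTL = 3600  # assumption: keys expire after an hour (the post sets no expiry)

def hash_password(password, salt=None):
    salt = salt or secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + dk.hex()

def check_password(password, stored):
    salt = bytes.fromhex(stored.split("$")[0])
    return hmac.compare_digest(hash_password(password, salt), stored)

def key_digest(key):
    # The key is high-entropy, so plain SHA-256 is enough to keep it out of the DB.
    return hashlib.sha256(key.encode()).hexdigest()

def request_reset(db, email, now=None):
    """Step 1: set resetPasswordKey for the account; return the key to e-mail, or None."""
    now = time.time() if now is None else now
    key = secrets.token_urlsafe(32)  # CSPRNG value standing in for createUUID()
    cur = db.execute(
        "UPDATE users SET resetPasswordKey = ?, resetKeyExpires = ? WHERE email = ?",
        (key_digest(key), now + KEY_TTL, email))
    db.commit()
    return key if cur.rowcount == 1 else None  # caller shows the same page either way

def complete_reset(db, key, new_password, now=None):
    """Step 2: match the record by key, store the new hash, and NULL the key."""
    now = time.time() if now is None else now
    if not key:
        return False  # a missing key is rejected before touching the database
    cur = db.execute(
        "UPDATE users SET passwordHash = ?, resetPasswordKey = NULL, "
        "resetKeyExpires = NULL WHERE resetPasswordKey = ? AND resetKeyExpires > ?",
        (hash_password(new_password), key_digest(key), now))
    db.commit()
    return cur.rowcount == 1  # False for unknown, expired or already-used keys

def make_demo_db():
    # Constructed sample data: one user in an in-memory SQLite database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT UNIQUE, passwordHash TEXT, "
               "resetPasswordKey TEXT, resetKeyExpires REAL)")
    db.execute("INSERT INTO users VALUES (?, ?, NULL, NULL)",
               ("alice@example.test", hash_password("old-password")))
    return db
```

Doing the match and the NULL-out in one UPDATE makes the key single-use even if the link is submitted twice at the same moment.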



