I wouldn't even store plain text passwords in the DB, normally they are md5-encrypted so nobody can read them.
They should never be shown, printed or emailed plaintext to anybody, not even to the administrator. If the student data need to be secure, make them secure. Joshua is definitely right. If someone forgot his password, let the system create a new temporary one-time-login password and send it to the email address the user registered with. Afterward, force the user to type in a new password, so that he can remember it. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Posted from the new ixda.org http://www.ixda.org/discuss?post=43289 ________________________________________________________________ Welcome to the Interaction Design Association (IxDA)! To post to this list ....... disc...@ixda.org Unsubscribe ................ http://www.ixda.org/unsubscribe List Guidelines ............ http://www.ixda.org/guidelines List Help .................. http://www.ixda.org/help