Adaryl & all,
I'm definitely not an expert on security, but I think you are right. Just the fact that you could store a password in an unencrypted format in your database (in order to email it back to them) means you are at more risk. It is much easier for employees to see the email addresses used and passwords and try the same passwords on the Hotmail accounts, etc. (and we all know how everyone here uses 16 character alpha-numeric passwords that are all unique and have special symbols RIGHT???)

Email by nature is insecure, and including the password in it is a minor risk no matter what. However, it is far less likely to be hacked if the password sent out is a single use password and a new password has to be created after login. Add in the use of encrypted passwords in your database and you are much better off. It is pretty easy to do this and I can explain how if someone is interested.

Footnote: Do as I say, not as I do...

Ryan

=========================================================
Kansas City ColdFusion User Group's website & listserv is hosted through the generous support of Clickdoug.com
To send email to the list, email [EMAIL PROTECTED]
To subscribe or unsubscribe, send an email to [EMAIL PROTECTED] with your request.
For hosting solutions http://www.clickdoug.com Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1.
======================================================
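A sketch of the scheme the message describes, added here as an example and not code from the post or the list: the emailed password is single use, expires, and forces a new password after login, and the database holds only salted PBKDF2 hashes (hashing is assumed here as the stored form in place of "encrypted"). The `Account` class, the `ROUNDS` and `TEMP_TTL` values, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

ROUNDS = 600_000        # assumed PBKDF2 work factor
TEMP_TTL = 15 * 60      # assumed lifetime of a temporary password, in seconds

def hash_password(password, salt=None):
    """Return (salt, digest); only these two values go in the database."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

def matches(password, salt, digest):
    # Constant-time comparison of the recomputed digest with the stored one.
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

class Account:  # hypothetical record; a real one would be a database row
    def __init__(self, password):
        self.salt, self.digest = hash_password(password)
        self.temp = None            # (salt, digest, expires_at) or None
        self.must_change = False

    def issue_temp_password(self, now=None):
        """Create the value that gets emailed; keep only its hash and expiry."""
        now = time.time() if now is None else now
        temp = secrets.token_urlsafe(12)
        self.temp = (*hash_password(temp), now + TEMP_TTL)
        return temp

    def login(self, password, now=None):
        now = time.time() if now is None else now
        if self.temp is not None:
            salt, digest, expires = self.temp
            if now <= expires and matches(password, salt, digest):
                self.temp = None          # single use: burned on first success
                self.must_change = True   # a new password must be set next
                return "change_required"
        if matches(password, self.salt, self.digest):
            return "change_required" if self.must_change else "ok"
        return "denied"

    def set_password(self, new_password):
        self.salt, self.digest = hash_password(new_password)
        self.temp, self.must_change = None, False
```

The existing password keeps working until the temporary one is used, so a reset request from someone else cannot lock the owner out.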
