Hi Kevin,
On Tue, Mar 27, 2001 at 02:27:55PM +0100, Kevin Williams wrote:
> Peeps,
>
> My problem is this. I'm not happy about storing plain text passwords in my database
>for users, so was considering using the password () function in order to store a hash
>of the password instead.
>
> sample SQL.
>
> $sql = "SELECT login,IPaddress,password,administrator,valid
> FROM $user_details_table
> WHERE IPaddress =\"$address\" OR (login =\"$username\" AND password =
>password(\"$password\"))
> ";
>
> now I don't have any problems writing to the database, or extracting either. The
>problem is I want to include one of those "Forgotten your password ?" entry points to
>email the user their password. How can I insert into an email their password, i.e.
>reverse the password function ? Cant find it documented anywhere.
>
You can't. Password is a one-way function. You can generate a new
password for them if you don't want to store it somewhere. If the
password function could be reversed, you should be just as nervous
about storing the result as you are now about storing the password
itself.
Regards,
Fred.
--
Fred van Engen XO Communications B.V.
email: [EMAIL PROTECTED] Televisieweg 2
tel: +31 36 5462400 1322 AC Almere
fax: +31 36 5462424 The Netherlands
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
