I'm going to jump in here and give a little more information.
The password() function is in fact a one way encryption. For a two way
encryption use the encode() function. But beware, any data stored with the
encode() function is only as secure as the master password you assign it.
You can do some interesting things here though to make the master password
dynamic based on some other criteria....but if someone gets ahold of your
code, they can see what your doing. Convinience such as "Email me my
password" always comes with a price in the security world.
----- Original Message -----
From: "Fred van Engen" <[EMAIL PROTECTED]>
To: "Kevin Williams" <[EMAIL PROTECTED]>; "MySQL Mailing
List" <[EMAIL PROTECTED]>
Sent: Tuesday, March 27, 2001 6:06 AM
Subject: Re: Password function
> Hi Kevin,
>
> On Tue, Mar 27, 2001 at 02:27:55PM +0100, Kevin Williams wrote:
> > Peeps,
> >
> > My problem is this. I'm not happy about storing plain text passwords in
my database for users, so was considering using the password () function in
order to store a hash of the password instead.
> >
> > sample SQL.
> >
> > $sql = "SELECT login,IPaddress,password,administrator,valid
> > FROM $user_details_table
> > WHERE IPaddress =\"$address\" OR (login =\"$username\" AND password =
password(\"$password\"))
> > ";
> >
> > now I don't have any problems writing to the database, or extracting
either. The problem is I want to include one of those "Forgotten your
password ?" entry points to email the user their password. How can I insert
into an email their password, i.e. reverse the password function ? Cant find
it documented anywhere.
> >
>
> You can't. Password is a one-way function. You can generate a new
> password for them if you don't want to store it somewhere. If the
> password function could be reversed, you should be just as nervous
> about storing the result as you are now about storing the password
> itself.
>
> Regards,
>
> Fred.
>
> --
> Fred van Engen XO Communications B.V.
> email: [EMAIL PROTECTED] Televisieweg 2
> tel: +31 36 5462400 1322 AC Almere
> fax: +31 36 5462424 The Netherlands
>
> ---------------------------------------------------------------------
> Before posting, please check:
> http://www.mysql.com/manual.php (the manual)
> http://lists.mysql.com/ (the list archive)
>
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>
>
>
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
