Folk, I need some input on how best to store username/password combinations online. My preference would be to store a one-way encrypted value, but that is not possible in this situation. The constraint is that we have to make provision for giving the user's password back to the user after a "forgot my password" link has been clicked.
(Oh, a secondary input would be on the best way to accomplish the password return to the user <grin />.) Normally, I store passwords as a one-way hash, then encrypt input to see if it matches, but I can't do that this time: I have to store a clear text or decryptable value. I've seen several approaches to this, but don't see any clear 'best practice'. Right now I'm leaning toward a multiple table design, but I have no real idea if this is a better model than a single table design. I'd really appreciate input from some of you who have wrestled with this problem before. If it matters, the development box is Win2K/IIS5, PHP 4.0.5, MySQL 3.23.32, and the implementation box is *nix/Apache 1.3.22, PHP 4.1.1, MySQL 3.23.47. I'd appreciate any suggestions for a best resolution. Thanks. Make a good day . . . . . . barn ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If you're not confused, you're not paying attention ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
