Barn. I asked the same question couple of weeks ago and all the answers I got pointed to one way encryption. Actually, I had the same need that you, but understood that it was better to reset the password when a "Forgot password" was made, send it to the user and ask them to change the password at the next login.
I suppose you have the same problem that I had... few users who would get angry if such thing is asked to do. But then I realize that if I used a very common "words" list to generate random passwords, they might even learn that password without changing it. After all the responses I've get regarding this issue, I never got the answer to how do a two way encrypting so, if this doesn't help you... > -----Original Message----- > From: databarn [mailto:[EMAIL PROTECTED]] > Sent: Sunday, June 30, 2002 10:36 AM > To: MySQL > Subject: Soliciting best approach for storing passwords . . . > > Folk, > I need some input on how best to store username/password combinations > online. My preference would be to store a one-way encrypted value, but > that is not possible in this situation. The constraint is that we have to > make provision for giving the user's password back to the user after a > "forgot my password" link has been clicked. > > (Oh, a secondary input would be on the best way to accomplish the password > return to the user <grin />.) > > Normally, I store passwords as a one-way hash, then encrypt input to see > if it matches, but I can't do that this time: I have to store a clear > text or decryptable value. I've seen several approaches to this, but > don't see any clear 'best practice'. Right now I'm leaning toward a > multiple table design, but I have no real idea if this is a better model > than a single table design. I'd really appreciate input from some of you > who have wrestled with this problem before. > > If it matters, the development box is Win2K/IIS5, PHP 4.0.5, MySQL > 3.23.32, and the implementation box is *nix/Apache 1.3.22, PHP 4.1.1, > MySQL 3.23.47. > > I'd appreciate any suggestions for a best resolution. Thanks. > > > > Make a good day . . . > . . . barn > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > If you're not confused, you're not paying attention > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > --------------------------------------------------------------------- > Before posting, please check: > http://www.mysql.com/manual.php (the manual) > http://lists.mysql.com/ (the list archive) > > To request this thread, e-mail <[EMAIL PROTECTED]> > To unsubscribe, e-mail <mysql-unsubscribe- > [EMAIL PROTECTED]> > Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php