That's very true, you put the others' accounts at risk....

Maxim Maletsky

-----Original Message-----
From: Josh G [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 16, 2001 11:32 AM
To: PHP User Group
Subject: Re: [PHP] password() ::: and it's return...


Well it's up to you whether or not to encrypt passwords, but it's very
irresponsible not to. If somebody cracks your system, chances are
they'll get passwords that can be used on accounts your users have
in other places, so your customers suffer more than they should for
your laxness in security.

People say "but if they're in my db then the damage is done" but
you're not the only one out there, and like it or not, there's no way
anybody can manage a different password on every damned site
that makes you sign up.

Gfunk         -          http://www.gfunk007.com/

I sense much beer in you. Beer leads to intoxication, intoxication to
hangovers, and hangovers to... suffering.


----- Original Message -----
From: "Maxim Maletsky" <[EMAIL PROTECTED]>
To: "'Chris Lee'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, January 16, 2001 1:27 PM
Subject: RE: [PHP] password() ::: and it's return...


> Yeah, in fact that's my point. If you cannot decrypt a password, there's no
> way to return it, right?
> So how come these "big guys" DO return it to you?
> And what is the most secure way for it. Some of these companies deal with
> finances, the security is a REAL issue over there...
>
> Maxim Maletsky
>
> -----Original Message-----
> From: Chris Lee [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 16, 2001 11:16 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] password() ::: and it's return...
>
>
> Sites do though. Many sites allow me to click some link and they email me my
> passwd in case I've forgotten it. ICQ.com even does this.
>
> Chris Lee
> Mediawaveonline.com
>
>
> "Josh G" <[EMAIL PROTECTED]> wrote in message
> news:00e401c07f60$f325c2a0$0e01a8c0@swinger...
> > I'm not sure I understand the question. What exactly do you mean? Are
> > you talking about returning it from the client already encrypted? Not sure
> > if anybody does that, as JS doesn't have a whole lot of useful encryption
> > stuff in it, and iirc the md5() algorithm is rather lengthy.
> >
> > Gfunk         -          http://www.gfunk007.com/
> >
> > I sense much beer in you. Beer leads to intoxication, intoxication to
> > hangovers, and hangovers to... suffering.
> >
> >
> > ----- Original Message -----
> > From: "Maxim Maletsky" <[EMAIL PROTECTED]>
> > To: "'Chris Lee'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Tuesday, January 16, 2001 1:01 PM
> > Subject: RE: [PHP] password() ::: and it's return...
> >
> >
> > >
> > > Instead I am curious how other developers on this list are returning the
> > > MD5, password() or whatever in permanently encrypted passwords...
> > >
> > > What are the procedures and how does the return process work?
> > > Any tricks/tips to share with all of us?
> > >
> > > Cheers,
> > > Maxim Maletsky
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Chris Lee [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, January 16, 2001 10:53 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: [PHP] password()
> > >
> > >
> > > Simple answer is no. The only way to decrypt the passwd is to run it through
> > > a cracker. All admins are used to this and know that if a user has lost a
> > > passwd that they are going to have to give them a new one, finding the old
> > > just isn't worth one week of processing time :)
> > >
> > > I'm curious to see how other php developers store their passwd's
> > > -plain text in db
> > > -use of unix password()
> > > -use of db password()
> > > -other ?
> > >
> > > Chris Lee
> > > Mediawaveonline.com
> > >
> > >
> > > "Jason Jacobs" <[EMAIL PROTECTED]> wrote in message
> > > news:011501c07f3f$c415bcc0$5800a8c0@doc...
> > > > Hi.  I use password() to encrypt my passwords when I'm adding users to my
> > > > mysql database.  I'm wondering if there's a function to use to un-encrypt it
> > > > (for a web interface to change the password, and so the admin who is editing
> > > > user info can see what it is).  Thanks for any help.
> > > >
> > > > Jason
> > > >
> > > >
> > > >
> > > > --
> > > > PHP General Mailing List (http://www.php.net/)
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> > > >
> > >
> > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > To contact the list administrators, e-mail:
[EMAIL PROTECTED]
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > To contact the list administrators, e-mail:
[EMAIL PROTECTED]
> > >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to
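The thread's two points, that a hashed password cannot be returned and that a lost one has to be replaced, shown together as an added example (not code from any poster in this thread). It assumes PHP 7 or later for password_hash() and random_bytes(), which postdate this discussion; the function names and the in-memory $users array standing in for a database table are hypothetical.

```php
<?php
// Added example. $users stands in for a database table (hypothetical).
$users = [];

function register(array &$users, string $email, string $password): void
{
    // One-way salted hash: nothing that can be "returned" is ever stored.
    $users[$email] = [
        'pw'            => password_hash($password, PASSWORD_DEFAULT),
        'reset_hash'    => null,
        'reset_expires' => 0,
    ];
}

function login(array $users, string $email, string $password): bool
{
    return isset($users[$email])
        && password_verify($password, $users[$email]['pw']);
}

// "Forgot password": issue a random, short-lived token, never the password.
function startReset(array &$users, string $email, int $now): ?string
{
    if (!isset($users[$email])) {
        return null;
    }
    $token = bin2hex(random_bytes(32));
    // Store only a hash of the token, so a database leak exposes no usable link.
    $users[$email]['reset_hash']    = hash('sha256', $token);
    $users[$email]['reset_expires'] = $now + 900; // valid for 15 minutes
    return $token; // this value goes into the e-mailed reset link
}

function finishReset(array &$users, string $email, string $token,
                     string $newPassword, int $now): bool
{
    $u = $users[$email] ?? null;
    if ($u === null || $u['reset_hash'] === null || $now > $u['reset_expires']) {
        return false;
    }
    if (!hash_equals($u['reset_hash'], hash('sha256', $token))) {
        return false; // constant-time comparison failed
    }
    $users[$email]['pw']         = password_hash($newPassword, PASSWORD_DEFAULT);
    $users[$email]['reset_hash'] = null; // token is single use
    return true;
}

// Constructed sample run.
register($users, 'alice@example.com', 'old-secret');
$token = startReset($users, 'alice@example.com', time());
var_dump(finishReset($users, 'alice@example.com', $token, 'new-secret', time()));
var_dump(login($users, 'alice@example.com', 'old-secret'));
var_dump(finishReset($users, 'alice@example.com', $token, 'again', time()));
```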