RE: SOT - adding password forgot function to Mura CMS

2011-05-27 Thread cfcom

Correction: it appears that Mura hashes the info in the database



First, sorry for the SOT

The current version of MURA does not have a 'forgot password' feature.
It only gives the user a 'reset'

All the emails/passwords are encrypted in the database
Does anyone have a suggestion on how to add a traditional 'forgot password'
feature that will query the db and return the info to the user's email
address?

Thank you for your consideration




~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344963
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm


RE: SOT - adding password forgot function to Mura CMS

2011-05-27 Thread DURETTE, STEVEN J (ATTASIAIT)

Current security practices believe this is a bad idea.  If you could do
that, then as the person running the site you would be able to get access
to all of your users' passwords.

The password reset feature is safer. The user picks the password and the
system hashes it; that is all that is saved, and it is one way (you can't
get the original password). Then when they try to log in again, the
password they enter is hashed the same way and compared to the hash that
is saved.  If they match, they get in; if not, well, they can always reset.

Steve


-Original Message-
From: cfcom [mailto:cf...@aceligent.com] 
Sent: Friday, May 27, 2011 12:28 PM
To: cf-talk
Subject: SOT - adding password forgot function to Mura CMS


First, sorry for the SOT

The current version of MURA does not have a 'forgot password' feature.
It only gives the user a 'reset'

All the emails/passwords are encrypted in the database
Does anyone have a suggestion on how to add a traditional 'forgot
password'
feature that will query the db and return the info to the user's email
address?

Thank you for your consideration




Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344964
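
The hash-and-compare login and the reset flow described in the reply above, as an added example that is not part of the original thread and is not Mura's code. It goes beyond the description by using a per-user salt with PBKDF2 and by storing only a hash of a single-use, expiring reset token; the in-memory stores, function names, iteration count and 15-minute lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

ITERATIONS = 600_000   # assumption: PBKDF2-HMAC-SHA256 work factor
TOKEN_TTL = 15 * 60    # assumption: reset links expire after 15 minutes

users = {}         # constructed store: email -> (salt, password_hash)
reset_tokens = {}  # constructed store: sha256(token) -> (email, expires_at)

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def set_password(email, password):
    # Only the random salt and the one-way hash are stored, never the password.
    salt = secrets.token_bytes(16)
    users[email] = (salt, _derive(password, salt))

def check_login(email, password):
    # Hash the submitted password the same way and compare in constant time.
    if email not in users:
        return False
    salt, stored = users[email]
    return hmac.compare_digest(stored, _derive(password, salt))

def request_reset(email, now=None):
    # Returns the token to e-mail to the user, or None for unknown addresses.
    if email not in users:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    # Store only a hash of the token, so a database leak does not yield usable links.
    digest = hashlib.sha256(token.encode()).hexdigest()
    reset_tokens[digest] = (email, now + TOKEN_TTL)
    return token

def complete_reset(token, new_password, now=None):
    # Single use: the token record is removed whether or not it is still valid.
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    record = reset_tokens.pop(digest, None)
    if record is None or now > record[1]:
        return False
    set_password(record[0], new_password)
    return True
```

Nothing in either store can be turned back into the password, which is why the only recovery path is for the user to choose a new one.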


Re: SOT - adding password forgot function to Mura CMS

2011-05-27 Thread Dave Watts

> > The current version of MURA does not have a 'forgot password' feature.
> > It only gives the user a 'reset'
> >
> > All the emails/passwords are encrypted in the database
> > Does anyone have a suggestion on how to add a traditional 'forgot password'
> > feature that will query the db and return the info to the user's email
> > address?
>
> Correction: it appears that Mura hashes the info in the database

If you don't have the password, you can't return the password. The
point of using a hash is so you don't have to store the actual
password. So, in conclusion - you can't.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344965