On Tue, Jun 30, 2009 at 1:04 PM, CarSign <[email protected]> wrote:
> --- On Tue, 6/30/09, Richard K Miller <[email protected]> wrote:
>
> > From: Richard K Miller <[email protected]>
> > Subject: Re: [UPHPU] store sensitive data in mysql + php web application
> > To: "CarSign" <[email protected]>
> > Cc: "UPHPU" <[email protected]>, "Mac Newbold" <[email protected]>
> > Date: Tuesday, June 30, 2009, 12:38 PM
>
> That is an interesting approach. What do they do if you have lost your
> password?

What should be done is a new temporary random password should be sent to the user, and then they are forced to change it once they log on. It drives me nuts when I request a forgotten password and they are able to send me my password. Like Mac said, that means that if they are able to decrypt it, so is every other person that has access to that server (or gains access to it).

> _______________________________________________
> UPHPU mailing list
> [email protected]
> http://uphpu.org/mailman/listinfo/uphpu
> IRC: #uphpu on irc.freenode.net
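
The reset flow described in the reply above, as an added example that is not part of the original message: only a one-way hash is stored, so the server can issue a temporary password but can never send back the old one. The array fields standing in for MySQL columns, the function names, and the 15-minute expiry are assumptions made for illustration.

```php
<?php
// Added illustration: the $user array stands in for one MySQL row.
// Field names (password_hash, must_change, temp_expires) are hypothetical.

const TEMP_TTL = 900; // lifetime of a temporary password in seconds (assumed policy)

function issueTemporaryPassword(array &$user, int $now): string
{
    // 16 bytes from the CSPRNG, hex-encoded: 128 bits of entropy.
    $temp = bin2hex(random_bytes(16));
    // Store only a one-way hash; nobody with server access can recover $temp.
    $user['password_hash'] = password_hash($temp, PASSWORD_DEFAULT);
    $user['must_change']   = true;
    $user['temp_expires']  = $now + TEMP_TTL;
    return $temp; // delivered to the user's registered address, never logged
}

function login(array $user, string $password, int $now): string
{
    if (!password_verify($password, $user['password_hash'])) {
        return 'denied';
    }
    if ($user['must_change']) {
        // A temporary password only opens the change-password step, and only briefly.
        return $now <= $user['temp_expires'] ? 'change_required' : 'denied';
    }
    return 'ok';
}

function changePassword(array &$user, string $new): void
{
    $user['password_hash'] = password_hash($new, PASSWORD_DEFAULT);
    $user['must_change']   = false;
    $user['temp_expires']  = null;
}

// Constructed walk-through of one reset.
$now  = time();
$user = ['password_hash' => password_hash('forgotten', PASSWORD_DEFAULT),
         'must_change' => false, 'temp_expires' => null];

$temp = issueTemporaryPassword($user, $now);
var_dump(login($user, 'forgotten', $now));            // old password is gone
var_dump(login($user, $temp, $now));                  // temporary one forces a change
var_dump(login($user, $temp, $now + TEMP_TTL + 1));   // and stops working after expiry
changePassword($user, 'a new passphrase chosen by the user');
var_dump(login($user, 'a new passphrase chosen by the user', $now));
```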
