On Sat, 09 Apr 2005 14:51:49 -0400 [EMAIL PROTECTED] wrote:
> A digression to a related issue (where I did take the conservative 
> approach):  A system I'm working on now was originally set up with 
> password hashes in the database -- the PW itself was never stored.  But 
> the client wanted an "email me my password" feature so we had to 
> encrypt and store the PW.  Of course if someone had access to the 
> database they'd get a lot of other stuff probably more useful than PWs 
> so I don't worry about this too much.  But I would rather have used the 
> hash.

You could've changed the password for them to something random, mailed it
to them and kept the hash in the database.

-- 
Skippy - Romanian Web Developers - http://ROWD.ORG

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
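
The reset-instead-of-recover approach suggested in the reply above, as an added example that is not part of the original thread. The `$users` array is a constructed stand-in for the database table, the function names are hypothetical, and PHP 7 or later is assumed; sending the mail is left to the caller.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+.
// $users is a constructed in-memory stand-in for the users table:
// only the hash is stored, never the password itself.
$users = [
    'alice@example.test' => ['pw_hash' => password_hash('old-password', PASSWORD_DEFAULT)],
];

// Build a random password from an unambiguous alphabet using the CSPRNG.
function generate_password(int $length = 16): string
{
    $alphabet = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $max = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

// Replace the stored hash with the hash of a fresh random password.
// Returns the plaintext once so the caller can mail it; null for unknown users.
function reset_password(array &$users, string $email): ?string
{
    if (!isset($users[$email])) {
        return null;
    }
    $plain = generate_password();
    $users[$email]['pw_hash'] = password_hash($plain, PASSWORD_DEFAULT);
    return $plain;
}

$new = reset_password($users, 'alice@example.test');
$hash = $users['alice@example.test']['pw_hash'];

// The mail body would carry $new; here we only inspect the stored state.
var_dump(password_verify($new, $hash));            // the mailed password logs in
var_dump(password_verify('old-password', $hash));  // the previous password no longer does
var_dump(reset_password($users, 'nobody@example.test')); // unknown account, nothing changed
```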
