[thelist] Retrieving password() field from a MySQL table

jay d jaydeenyc at lycos.co.uk
Mon Jan 20 21:17:01 CST 2003

On Monday, January 20, 2003, at 08:49 PM, Bill Haenel wrote:

> Eventually I just need to be able to return the password for those who
> forget. Perhaps I should just go without encoding it in the first
> place. (?)

i agree with the other poster that encoding/encrypting is a good thing
and shouldn't be dismissed because it's a bit tricker to work with.
the challenge question approach is used by tons of places; i'm also
fond of something along the lines of: if someone requests their
password, it is reset to something random and that is sent to them, and
the user must then reset it to whatever they choose.  this way, again,
only they can know it.  with the challenge question system, _you_ have
both the question and answer, so you could just use the form yourself
to look at all the users' passwords. i don't see this approach all that
often with web stuff, but it's a standard unix sysadmin practice and
the principle is the same.


    J.D. Welch			|    so.there at showtunepink.com
    graphic designer    	|    http://www.showtunepink.com
    web developer       	|    https://kitschparade.ath.cx

More information about the thelist mailing list