I want to enable visitors who have forgotten their password to request a new
one. I have seen that some sites simply require users to enter their e-mail
address. Then the server-side logic sends the password (perhaps a new
temporary one) to the e-mail address if it is a valid address in the db for
the site.
I'm looking for opinions and perspective on implementing something similar.
I understand that doing this would open up additional security risks - but
considering the tradeoffs, it might be worthwhile (no angry users calling me
at 2:00 AM). But as long as I'm going to do something like this, I want to
be smart about it. So, any feedback, links, etc that deal with this topic
would be appreciated..
1  1401 
This article may give you some things to think about : http://SteveOrr.net/faq/encrypt.aspx
--
I hope this helps,
Steve C. Orr, MCSD, MVP http://SteveOrr.net
"Alfred E. Newman" <Mr******@WhatM eWorry.com> wrote in message
news:%2******** ********@TK2MSF TNGP14.phx.gbl. .. I want to enable visitors who have forgotten their password to request a
new one. I have seen that some sites simply require users to enter their
e-mail address. Then the server-side logic sends the password (perhaps a
new temporary one) to the e-mail address if it is a valid address in the db
for the site.
I'm looking for opinions and perspective on implementing something
similar. I understand that doing this would open up additional security
risks - but considering the tradeoffs, it might be worthwhile (no angry
users calling me at 2:00 AM). But as long as I'm going to do something
like this, I want to be smart about it. So, any feedback, links, etc that
deal with this topic would be appreciated..
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: D E |
last post by:
When using my web application manager
(http://localhost:8080/admin)
I forgot my password. Is there an XML file i can look at to remember/obtain
(possibly even set).
Thanks
|
by: Ian |
last post by:
Hi
I know there are products out there that can do this like
http://www.psynch.com/technology/ska.html
What is the code that is used to Reset a Users password so the next time
they logon to the domain they are promoted for a new password?
I know the code will have to run under the Admin. That is fine I just need
to know what the API is and how to use it.
|
by: Rod |
last post by:
I have a requirement in which I need to allow the user to log into our
ASP.NET application, but also be able to change their Windows password, if
it is expired. I had thought that Windows authentication would do the
trick, but it appears not to. (If the user's password has expired, it will
sit there forever asking the user for their username and password in the
Windows login dialog box that pops up.)
1) The way I see it, I have two...
|
by: serkan |
last post by:
Guys,
I am trying to get this password reset functionality wor for me but I am not successful at all. Please somebody help me. I get "Your password could not be reset - please try again later" so I think the get_random_word function is not working right. Here are the scripts:
This is the script after the user enters his/her userid.
<?php
require_once("bookmark_fns.php");
// creating short variable name
$username = $_POST;
|
by: Showjumper |
last post by:
A question regarding forgotten passwords - As i understand it, it is best
and most secure to use a 1 way hash+salt to store passwwords, and then if
the user has forgotten the password, generate a new password and then email
to them. What i dont understand how that is any more secure than using a
reversible encryption to store the password which would allow decrypting and
then emailing it to the user. In both cases, an email is still sent w/...
| | |
by: Katash |
last post by:
Hello,
I am new to PHP and am working on a login system for my site,
currently supplied passwords are passed to MySQL and stored as md5 hashes,
my question is :- seeing as md5 is 1 way only what would be the best way to
implement a 'Forgotten Password' system whereby the user supplies an e-mail
address and the password is mailed to the user?
The process does not require military level security but I would like to
keep stored passwords...
|
by: custommx3 |
last post by:
I have designed a site that requires users to login. Me being new to
php, I hired a guy to help me setup the database. He set it up and it
works flawlessly. Well.. instead of helping me finish the project, he
has pretty much dissapeared.
Looking at the code, the passwords are stored using Md5 encryption in
the database. I was able to get a password retrieval form working,
but its sending the passwords encrypted.
Can they be...
|
by: DarthPeePee |
last post by:
Hello everyone.
I am working on a Password Strength Meter and I am running into 1 problem that I would like to fix.
When pressing the "Clear Password & Try Again" button, the password clears out of the text box, but the meter will stay at its current position until text is entered back into the textbox. Once text is re-entered, the meter will display the results again. I would like everything to reset when the button is pushed, but I...
|
by: twomt |
last post by:
Hello,
are there any tutorials/guides out there that explain how to handle this
subject?
I was thinking of having a member enter his username and email, after
which I then email him a new password.
Question from my side is if there is a php method to auto generate a
strong password.
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
