Re: Most secure way to reset a password via email link [message #185166 is a reply to message #185164] Wed, 05 March 2014 21:47
The Natural Philosoph
On 05/03/14 19:51, Denis McMahon wrote:
> On Wed, 05 Mar 2014 07:54:35 -0800, jvd_200089 wrote:
>
>> On Wednesday, 5 March 2014 15:35:30 UTC, The Natural Philosopher wrote:
>
>> Yes, email link will point to https:// but when using SSL what's wrong
>> with just redisplaying the password on the screen?
>
> FUCK THE HELL NO!

I never said that!!!

Please get the attributions right..


>
> The ability to display the old password implies that you're either
> storing it in the clear (this is worst possible practice) or using a
> reversible hashing method (this is the second worst possible practice).
>
> When a user sets a password, it should be one-way hashed[1], and the hash
> stored. When a user tries to log in, apply the same one-way hashing
> function, and check the hash of the supplied password with the stored
> hash of the original password.
>
> Never ever ever ever store passwords in a manner that they can be
> recovered, because when your database gets hacked (and the whole world
> now knows you have a database of passwords waiting to be hacked that
> might be stored in the clear) all your customers' passwords will be
> completely compromised almost immediately.
>
> [1] Hashing includes salting.
>


--
Ineptocracy

(in-ep-toc’-ra-cy) – a system of government where the least capable to
lead are elected by the least capable of producing, and where the
members of society least likely to sustain themselves or succeed, are
rewarded with goods and services paid for by the confiscated wealth of a
diminishing number of producers.
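
Added example, not part of the original post: the flow described in the quoted reply (store only a salted one-way hash, then re-hash the supplied password at login and compare), written with PHP's built-in password_hash(), password_verify() and password_needs_rehash(). The in-memory $users array, the function names and the sample passwords are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a users table: username => stored hash string.
// A real site would keep this column in its database.
$users = [];

// Set or change a password: only the salted one-way hash is stored,
// so there is nothing that could later be displayed or e-mailed back.
function set_password(array &$users, string $name, string $password): void
{
    // password_hash() generates a fresh random salt and embeds it,
    // together with the algorithm and cost, in the returned string.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

// Log in: hash the supplied password with the salt taken from the stored
// string and compare the results. password_verify() does both steps and
// compares in constant time.
function check_login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    // The plaintext is only available at this moment, so this is the place
    // to upgrade a hash made with an older algorithm or cost.
    if (password_needs_rehash($users[$name], PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample data: two users who happen to pick the same password.
set_password($users, 'alice', 'correct horse battery staple');
set_password($users, 'bob', 'correct horse battery staple');

// Compare the two stored strings: each carries its own salt, so a dump of
// the table does not reveal which users share a password.
var_dump($users['alice'] === $users['bob']);

// A correct and an incorrect login attempt against the stored hash.
var_dump(check_login($users, 'alice', 'correct horse battery staple'));
var_dump(check_login($users, 'alice', 'wrong guess'));
```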