Hi !
I have a question about "forget password" page.
When users use this part, send for him/her a new password(random).
but I need send same password to e-mail address.
Please write for me and other users => that how to change this mood?
please help me, I waiting for your answer.
thanks a lot.
For security reasons it sends a random password. The user can change it back when they get in.
The password is encrypted in the database. No way to un-encrypt it.
(2010-10-04, 05:43 PM)Uncontrol Wrote: [ -> ]For security reasons it sends a random password. The user can change it back when they get in.
This is provided they remember the original password, in which case they wouldn't have needed to use the tool in the first place.
Regardless, the current method is the most secure. I'd rather not have my email compromised and a hacker gain all of my passwords.
You can't send them their old password, unless you save them in plain text in the db, which is insecure.
Their passwords are MD5ed in the database, so when resetting the password it sends the new password and encrypts it. You can unencrypt the password without a small supercomputer
(2010-10-05, 07:04 AM)Tommyk Wrote: [ -> ]You can't send them their old password, unless you save them in plain text in the db, which is insecure.
Their passwords are MD5ed in the database, so when resetting the password it sends the new password and encrypts it. You can unencrypt the password without a small supercomputer
You can't "decrypt" md5 hashes. You can brute force it and would take ages even with a super computer.
so, It is for increase security and this mood is the best mood for increase security.
thanks a lot.
please answer to this question, too.(if you know it) >>http://community.mybb.com/thread-79509.html
Rainbow tables could help i suppose
Salting is pretty good at increasing the time taken to crack it.