13.02.2011, 19:40
If people forget their password, you don't send it back to them, because you shouldn't be able to. Have you ever seen a decent site with a password recovery function that actually sends back your real password?
Simply because they shouldn't be able to since it's hashed, they always either generate a new one and send you that, or else make you set a new one yourself. If you want to reset people's passwords, just generate a new one for them, hash it and store it in their file.
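The reset flow described in the post above, as an added example that is not part of the original post: a new random password is generated, only its salted hash is written to the user's record, and the plaintext is returned once for delivery. The function names, the dict standing in for the user's file, and the choice of PBKDF2-HMAC-SHA256 with this iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


def hash_password(password, salt=None):
    """Return a storable record holding salt and derived hash, never the password."""
    salt = salt or secrets.token_bytes(16)  # fresh per-user salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify_password(password, record):
    """Re-derive the hash from the login attempt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode(),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def reset_password(user_file):
    """Generate a new random password, store only its hash, return it once.

    `user_file` is a hypothetical dict standing in for the user's stored record.
    """
    new_password = secrets.token_urlsafe(12)  # CSPRNG, 16 URL-safe characters
    user_file["password"] = hash_password(new_password)
    return new_password


if __name__ == "__main__":
    # Constructed sample record for a user who forgot their password.
    user = {"name": "alice", "password": hash_password("old-secret")}
    temp = reset_password(user)
    print("send to user once:", temp)
    print("stored record:", user)  # contains salt and hash only
    print("new password verifies:", verify_password(temp, user["password"]))
    print("old password verifies:", verify_password("old-secret", user["password"]))
```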