Webmastersite.net

E-mail current password
3.13, Feature Suggestion

Comments on E-mail current password

Quantum
Forum Regular

Usergroup: Member
Joined: Jul 01, 2003

Total Topics: 38
Total Comments: 164
Quantum
Posted Dec 30, 2004 - 8:39 AM:

This is already listed in the FS thread, as: "e-mail current password as an admin option". The suggestion has no thread for discussion yet though, so here it is.

The reason I got triggered about this feature again is that I've recently visited numerous sites that allow you to receive your current password details. Especially for sites on which security is less important it'd be nice to have.

The only thing I have to add to the suggestion as listed is that it'd probably require an option to use a different coding system than MD5 (which would allow decoding).
Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 61
Total Comments: 7868
Paul
Posted Dec 30, 2004 - 10:15 AM:

In the future encoding options will be selectable in your admin panel, and "don't encode" will be an option. When this is selected I'll have it email the current password.

Of course, you will not want to convert an existing site to this because all members would have to fill out the lost password form to get back in.
Quantum
Posted Dec 30, 2004 - 7:15 PM:

Hmmmm. Your last remark gives me an idea which might be useful for converting an existing site. Will make a separate thread for it as it is in essence a separate, different feature suggestion.
Quantum
Posted Dec 30, 2004 - 7:21 PM:

https://www.webmastersite.net/forums/thread/4681

That feature could potentially be used by an admin to force all users to change their password the next time they log in. Once they change their password the new coding could be used.
Quantum
Posted Dec 30, 2004 - 7:24 PM:

Paul wrote:
In the future encoding options will be selectable in your admin panel, and "don't encode" will be an option. When this is selected I'll have it email the current password.

Of course, you will not want to convert an existing site to this because all members would have to fill out the lost password form to get back in.

You probably already thought of this:
My preference would be to also have an option for an encoding algorithm which is also decodable, causing the database to contain the encoded password (so that it isn't visible in MySQL or on backup) while still leaving it available for decryption when needed.
Paul
Posted Jan 02, 2005 - 1:03 AM:

The only secure way to do that would be to write your own algorithm so that people who investigate WSN won't know what it is. That should be possible for anyone who knows PHP to do easily since it'll just be a function "encode" in classes/member.php. Having a decode in sending the password for that would also be a personal customization though.
This thread is closed, so you cannot post a reply.
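
The conversion problem raised in this thread, as an added example that is not part of the thread and is not WSN code: a stored MD5 digest cannot be turned into another encoding without the plaintext, so the switch has to happen at the member's next successful login. The function name, the member array layout and the use of PHP's password_hash() as the new encoding are assumptions made for illustration.

```php
<?php
// Added example, not WSN code. Member rows are modelled as arrays with a
// 'password' column (assumed layout); md5() stands for the old encoding.

/**
 * Check a login attempt and, on success, return the value that should now
 * be stored for the member. Returns false when the password is wrong.
 */
function verify_and_upgrade(array $member, string $plaintext)
{
    $stored = $member['password'];

    // Legacy rows: 32 hex characters, i.e. an unsalted MD5 digest.
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/i', $stored);

    if ($isLegacy) {
        // Constant-time comparison of the two digests.
        if (!hash_equals(strtolower($stored), md5($plaintext))) {
            return false;
        }
        // The plaintext is only available at this moment, so re-encode now.
        return password_hash($plaintext, PASSWORD_DEFAULT);
    }

    if (!password_verify($plaintext, $stored)) {
        return false;
    }
    // Also refresh when PHP's default algorithm or cost has changed.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        return password_hash($plaintext, PASSWORD_DEFAULT);
    }
    return $stored;
}

// Constructed sample member whose row still holds the old MD5 value.
$member = ['name' => 'demo', 'password' => md5('correct horse')];

// A wrong password is rejected and nothing is rewritten.
var_dump(verify_and_upgrade($member, 'wrong guess'));

// A correct password yields the value an UPDATE would write back.
$new = verify_and_upgrade($member, 'correct horse');
$member['password'] = $new;
var_dump($new !== false && password_verify('correct horse', $new));

// Second login: the row is already in the new format and is left unchanged.
var_dump(verify_and_upgrade($member, 'correct horse') === $new);
```

Members who never log in again keep their old rows, which is where a forced password change such as the one suggested in the linked thread would come in.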