This is already listed in the FS thread, as: "e-mail current password as an admin option". The suggestion has no thread for discussion yet though, so here is it.
The reason I got triggered about this feature again is that I've recently visited numerous sites that allow you to receive your current password details. Especially for sites on which security is less important it'd be a nice to have.
The only thing I have to add to the suggestion as listed is that it'd probably require an option to use a different coding system than MD5 (which would allow decoding).
In the future encoding options will be selectable in your admin panel, and "don't encode" will be an option. When this is selected I'll have it email the current password.
Of course, you will not want to convert an existing site to this because all members would have to fill out the lost password form to get back in.
Hmmmm. Your last remark gives me an idea which might be useful for converting an existing site. Will make a separate thread for it as it is in essence a separate different feature suggestion.
That feature could potentially be used by an admin to force all users to change their password the next time they login. Once they change their password the new coding could be used.
Paul wrote: In the future encoding options will be selectable in your admin panel, and "don't encode" will be an option. When this is selected I'll have it email the current password.
Of course, you will not want to convert an existing site to this because all members would have to fill out the lost password form to get back in.
You probably already thought of this: My preference would be also having an option for an encoding algorithm which is also decodable. Causing the database to contain the encoded password (so that it isn't visible in MySQL or on backup). While still leaving it avaible for decryption when needed.
The only secure way to do that would be to write your own algorithm so that people who investigate WSN won't know what it is. That should be possible for anyone who knows php to do easily since it'll just be a function "encode" in classes/member.php. Having a decode in sending the password for that would also be a personal customization though.
0/5
1
2
3
4
5
This thread is closed, so you cannot post a reply.
Comments on E-mail current password
Forum Regular
Usergroup: Member
Joined: Jul 01, 2003
Total Topics: 38
Total Comments: 164
This is already listed in the FS thread, as: "e-mail current password as an admin option". The suggestion has no thread for discussion yet though, so here is it.
The reason I got triggered about this feature again is that I've recently visited numerous sites that allow you to receive your current password details. Especially for sites on which security is less important it'd be a nice to have.
The only thing I have to add to the suggestion as listed is that it'd probably require an option to use a different coding system than MD5 (which would allow decoding).
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
In the future encoding options will be selectable in your admin panel, and "don't encode" will be an option. When this is selected I'll have it email the current password.
Of course, you will not want to convert an existing site to this because all members would have to fill out the lost password form to get back in.
Forum Regular
Usergroup: Member
Joined: Jul 01, 2003
Total Topics: 38
Total Comments: 164
Hmmmm. Your last remark gives me an idea which might be useful for converting an existing site. Will make a separate thread for it as it is in essence a separate different feature suggestion.
Forum Regular
Usergroup: Member
Joined: Jul 01, 2003
Total Topics: 38
Total Comments: 164
https://www.webmastersite.net/forums/thread/4681
That feature could potentially be used by an admin to force all users to change their password the next time they login. Once they change their password the new coding could be used.
Forum Regular
Usergroup: Member
Joined: Jul 01, 2003
Total Topics: 38
Total Comments: 164
Paul wrote:
In the future encoding options will be selectable in your admin panel, and "don't encode" will be an option. When this is selected I'll have it email the current password.
Of course, you will not want to convert an existing site to this because all members would have to fill out the lost password form to get back in.
You probably already thought of this:
My preference would be also having an option for an encoding algorithm which is also decodable. Causing the database to contain the encoded password (so that it isn't visible in MySQL or on backup). While still leaving it avaible for decryption when needed.
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
The only secure way to do that would be to write your own algorithm so that people who investigate WSN won't know what it is. That should be possible for anyone who knows php to do easily since it'll just be a function "encode" in classes/member.php. Having a decode in sending the password for that would also be a personal customization though.