[UPHPU] store sensitive data in mysql + php web application
Caleb Call
caleb at macjunk.net
Tue Jun 30 13:09:39 MDT 2009
On Tue, Jun 30, 2009 at 1:04 PM, CarSign <utahphp at forsalesticker.com> wrote:
> --- On Tue, 6/30/09, Richard K Miller <richardkmiller at gmail.com> wrote:
>
> > From: Richard K Miller <richardkmiller at gmail.com>
> > Subject: Re: [UPHPU] store sensitive data in mysql + php web application
> > To: "CarSign" <utahphp at forsalesticker.com>
> > Cc: "UPHPU" <uphpu at uphpu.org>, "Mac Newbold" <mac at macnewbold.com>
> > Date: Tuesday, June 30, 2009, 12:38 PM
>
> That is an interesting approach. What do they do if you have lost your
> password?
>
What should be done is a new temporary random password should be sent to the
user, and then they are forced to change it once they log on. It drives me
nuts when I request a forgotten password and they are able to send me my
password. Like Mac said, that means that if they are able to decrypt it, so
is every other person that has access to that server (or gains access to
it).
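The reset flow described in the message above, as an added example that is not part of the original thread: only a one-way hash is stored, a forgotten password is replaced by a random temporary one, and logging in with it yields a state that forces a change. The table layout, function names, the 15-minute expiry and the in-memory SQLite database (used so the script runs stand-alone) are assumptions.

```php
<?php
// Added example: constructed schema and names, not from the original thread.
// In-memory SQLite keeps it self-contained; the same statements work over PDO MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    email TEXT PRIMARY KEY,
    pw_hash TEXT NOT NULL,          -- one-way hash: DB access does not reveal the password
    must_change INTEGER NOT NULL DEFAULT 0,
    temp_expires INTEGER            -- Unix time after which a temporary password is rejected
)');

function set_password(PDO $db, string $email, string $password): void {
    $stmt = $db->prepare('UPDATE users SET pw_hash = ?, must_change = 0, temp_expires = NULL WHERE email = ?');
    $stmt->execute([password_hash($password, PASSWORD_DEFAULT), $email]);
}

// Forgotten password: issue a random temporary password and store only its hash.
function issue_temp_password(PDO $db, string $email, int $ttl = 900): string {
    $temp = bin2hex(random_bytes(12));   // 96 bits from the CSPRNG
    $stmt = $db->prepare('UPDATE users SET pw_hash = ?, must_change = 1, temp_expires = ? WHERE email = ?');
    $stmt->execute([password_hash($temp, PASSWORD_DEFAULT), time() + $ttl, $email]);
    return $temp;                        // sent to the user, never stored in clear
}

// Returns 'ok', 'change_required' or 'denied'.
function login(PDO $db, string $email, string $password): string {
    $stmt = $db->prepare('SELECT pw_hash, must_change, temp_expires FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['pw_hash'])) return 'denied';
    if ($row['must_change']) {
        return time() <= (int)$row['temp_expires'] ? 'change_required' : 'denied';
    }
    return 'ok';
}

// Constructed sample account and walk-through of the flow.
$db->prepare('INSERT INTO users (email, pw_hash) VALUES (?, ?)')
   ->execute(['user@example.test', password_hash('original-secret', PASSWORD_DEFAULT)]);
$temp = issue_temp_password($db, 'user@example.test');
echo login($db, 'user@example.test', 'original-secret'), "\n";
echo login($db, 'user@example.test', $temp), "\n";
set_password($db, 'user@example.test', 'new-secret-chosen-by-user');
echo login($db, 'user@example.test', 'new-secret-chosen-by-user'), "\n";
```

A session in the `change_required` state should be allowed to reach only the change-password form until `set_password` has run.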