[Database class] how to reset a password for user of your db application
Paul S. Wang
pwang at cs.kent.edu
Thu Apr 5 10:31:29 EDT 2012
Musaad,
Functions like PASSWORD() are known as one-way functions. The encrypted
result cannot be used to recover the original text string.
It it were otherwise, then what is the point of stroing the password
encrypted if the clear text can be recovered anyway.
When someone forgets a password, the usual procedure is
(1) the user must apply for a password reset.
(2) the user must know the userid
(3) a temporary, random password is generated and set for the user
and the info sent to the account's email address (on record)
(4) the user must then, after receiving the new password, go to the
system to change the password to something else.
I hope this helps.
Paul
On Wed, Apr 04, 2012 at 09:32:37PM -0400, Musaad Alzahrani wrote:
> Date: Wed, 4 Apr 2012 21:32:37 -0400
> From: Musaad Alzahrani <malzahr4 at kent.edu>
> To: pwang at cs.kent.edu
> Subject: the function PASSWORD() in MySQL
>
> Hello Dr Wang,
> In my project, I use the function PASSWORD() When inserting user's
> passwords into the database. As you know this function encrypts the
> passwords from plain-text to cipher-text . Is there any way to decrypt the
> passwords to plain-text when retrieving them from the database?
>
> I would like to do so because when users forget their passwords, I can
> email them their password in plain-text.
>
> Thank you and I appreciate your time.
> Musaad
--
==============================================================================
Paul S. Wang (王士弘) Email: pwang at cs.kent.edu
Dept. of Computer Science, Kent State U. Tel: (330) 672-9051
Kent, Ohio, USA 44242-0001 http://www.cs.kent.edu/~pwang/
==============================================================================
More information about the Dbclass
mailing list