badger
Posts: 1
|
| Posted: 04/02/2008, 9:04 AM |
|
I am trying to improve the logon security system for a number of our web applications and have had some success in using the encrypted password feature. I have managed to build an account management page that uses the MD5 password encryption to store encrypted passwords in my MS SQL database. This work well under test and I can login to various forms without any issue.
I have been trying to extend the functionality of the applications by sending a user a password reminder by e-mail should they request it. To do this I have been testing the CCDecryptString function, but with little success. The code line I have been using is CCDecryptString(tLogon.MyPass.Value,"1234") where 1234 is my key. However the returned decrypted string never matches the original text?
Any help would be greatly appreciated.
Badger
|
 |
 |
wkempees
Posts: 1679
|
| Posted: 04/03/2008, 3:40 PM |
|
afaik, MD5() is encrypt only.
So if you want to send the user issued password back to the user,
you will have to do it before it is MD5()'d.
For 'lost password':
Instead of decrypting and sending the decrypted password by mail to the user,
issue a new password (readable or MD5(), store that, and send that new password to the user.
Will assure your users that you actually do not know their password!
OR:
Use another encryption method, supplied in the doc's and/or help files.
Walter
_________________
Origin: NL, T:GMT+1 (Forumtime +9)
CCS3/4.01.006 PhP, MySQL .Net/InMotion(Vista/XP, XAMPP)
if you liked this info PAYPAL me: http://donate.consultair.eu
|
|
|
|
|
