On Mon, 2007-10-08 at 13:30 -0700, onno wrote:
> My application lets users register. I'm using James Bennett's
> registration module.
> But I wonder how to make a lost password page for a user that forgot
> their password? Which module do I use for that?

Django doesn't store the user's password anywhere, so it isn't recoverable if they forget it. You can only generate a new password and send it to them.

In case you wonder how that could be possible, in the database we store a hash of the password. When the user types in their password, we hash that and compare it to the hash we stored in the database. The problem with recovery (and the security advantage of this method) is that a hash is effectively one way -- you can compute a password string that hashes to the same value with enough time and computational resources, so it's not iron-cast, but for practical purposes, it's one-way. So, given a cleartext password, we can compute the hash, but we cannot go from hash back to password.

Regards,
Malcolm
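
The store-a-hash, compare-on-login and reset-by-replacement flow described in the reply above, as an added example that is not part of the original message and is not Django's own code. It assumes salted PBKDF2-SHA256 from the Python standard library; the record layout, the function names and the dict standing in for the database are all hypothetical.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this sketch


def make_record(password: str) -> str:
    """Return the string kept in the database: algorithm, iterations, salt, hash."""
    salt = secrets.token_hex(16)  # per-user salt, so equal passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt}${digest.hex()}"


def check_password(password: str, record: str) -> bool:
    """Hash the typed password with the stored salt and compare the two hashes."""
    algorithm, iterations, salt, stored_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), int(iterations))
    # Constant-time comparison avoids leaking how many leading characters matched.
    return hmac.compare_digest(digest.hex(), stored_hex)


def reset_password(db: dict, username: str) -> str:
    """The old password cannot be read back from the record, so issue a new one."""
    new_password = secrets.token_urlsafe(12)
    db[username] = make_record(new_password)  # only the new hash is stored
    return new_password  # handed to the mailer; never written to the database


if __name__ == "__main__":
    db = {"alice": make_record("old-secret")}  # constructed sample account
    print("stored record:", db["alice"])
    print("login with old password:", check_password("old-secret", db["alice"]))
    issued = reset_password(db, "alice")
    print("old password after reset:", check_password("old-secret", db["alice"]))
    print("new password after reset:", check_password(issued, db["alice"]))
```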