As far as decryption goes, ignore that. When they choose a password, Crypt()
it with a seed. Then when they log in, Crypt() what they type in with the same
seed and compare the 2. Decrypting means you have the decryption source lying
around somewhere. A definite security problem. Crypt does a great job by
being just a one-way street.
----- Original Message -----
From: "Ashley M. Kirchner" <[EMAIL PROTECTED]>
To: "PHP-General List" <[EMAIL PROTECTED]>
Sent: Monday, April 16, 2001 2:41 PM
Subject: [PHP] RFC: Storing User Info
>
> I'm looking for comments on this one. I'm developing a site that
> will have user logins on it. What's the best way to do this? What to
> store, and how?
>
> - Are people more inclined to use a username when they need to log
> in to something, or would asking for an email (as the userID) be
> better?
>
> - How about storing passwords? All of this info will be stored in
> an MySQL DB. How do admins generally do this type of stuff?
> Encrypt the password stored in the DB, and decrypt it on the fly
> to compare? Store it in plain text? Or store it encrypted,
> and when the user logs in, encrypt that passwd (from the form)
> and compare the strings? (not sure if the latter would work)
>
> - What about sending people passwords through email? Like when
> someone signs up the first time, they supply a passwd. How do
> people feel about sending that login information to the user in
> plain text via email? Or do you?
>
> - What about when the user forgets their login? Just fetch the
> info from DB and mail it out to the (registered) email address?
> Or, generate a new, generic one, mail that one out, and tell the
> user to login and change it again?
>
> Suggestions please.
>
> AMK4
>
> --
> W |
> | I haven't lost my mind; it's backed up on tape somewhere.
> |____________________________________________________________________
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Ashley M. Kirchner <mailto:[EMAIL PROTECTED]> . 303.442.6410 x130
> SysAdmin / Websmith . 800.441.3873 x130
> Photo Craft Laboratories, Inc. . eFax 248.671.0909
> http://www.pcraft.com . 3550 Arapahoe Ave #6
> .................. . . . . Boulder, CO 80303, USA
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
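The store-then-compare flow described in the reply, as an added example that is not part of the original thread. It assumes a PHP build whose crypt() supports bcrypt (`$2y$`); the function names `hash_new_password()` and `check_login()` are hypothetical and the sample passwords are constructed.

```php
<?php
// Added example: one-way password storage with crypt(), nothing is ever decrypted.

// Registration: hash the chosen password with a fresh random salt ("seed").
function hash_new_password(string $password): string
{
    // 16 random bytes mapped to 22 characters of bcrypt's salt alphabet (./A-Za-z0-9).
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, '$2y$10$' . $salt);   // cost 10 is an assumed setting

    // crypt() signals failure with a short "*0"/"*1" token instead of a hash.
    if (strlen($hash) !== 60 || $hash[0] === '*') {
        throw new RuntimeException('crypt() could not produce a bcrypt hash');
    }
    return $hash;   // store this string in the users table; it embeds the salt
}

// Login: re-hash what was typed with the salt embedded in the stored hash, then compare.
function check_login(string $typed, string $stored): bool
{
    // Passing the stored hash as the salt argument makes crypt() reuse
    // the same algorithm, cost and salt that were used at registration.
    $candidate = crypt($typed, $stored);

    // hash_equals() compares in constant time, so the comparison does not
    // leak how many leading characters matched.
    return hash_equals($stored, $candidate);
}

// Constructed sample run.
$stored = hash_new_password('correct horse');

var_dump(check_login('correct horse', $stored));   // same password, same salt
var_dump(check_login('wrong guess', $stored));     // different password
// A second registration of the same password gets a different salt,
// so identical passwords do not produce identical database values.
var_dump($stored === hash_new_password('correct horse'));
// A corrupted or empty stored value never matches any input.
var_dump(check_login('correct horse', '*0'));
```

In current PHP versions, `password_hash()` and `password_verify()` wrap these same two steps.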