E-mail current password: WSN Support

E-mail current password
3.13, Feature Suggestion

Version: WSN Forum 1.00 Beta 3

E-mail current password

Quantum
Forum Regular

Usergroup: Member
Joined: Jul 01, 2003
Total Topics: 39
Total Posts: 173

Posted 12/30/04 - 06:39 AM:	#1
This is already listed in the FS thread, as: "e-mail current password as an admin option". The suggestion has no thread for discussion yet though, so here is it. The reason I got triggered about this feature again is that I've recently visited numerous sites that allow you to receive your current password details. Especially for sites on which security is less important it'd be a nice to have. The only thing I have to add to the suggestion as listed is that it'd probably require an option to use a different coding system than MD5 (which would allow decoding).

Paul
Administrator

Usergroup: Administrator
Joined: Dec 21, 2001
Location: Northern California
Total Topics: 55
Total Posts: 6014

Posted 12/30/04 - 08:15 AM:	#2
In the future encoding options will be selectable in your admin panel, and "don't encode" will be an option. When this is selected I'll have it email the current password. Of course, you will not want to convert an existing site to this because all members would have to fill out the lost password form to get back in.
"Do things you love doing, because then it ain't work. Don't do something you don't really enjoy, because you're never going to work hard enough at it." - Bob Young, founder of Red Hat

Quantum
Forum Regular

Usergroup: Member
Joined: Jul 01, 2003
Total Topics: 39
Total Posts: 173

Posted 12/30/04 - 05:15 PM:	#3
Hmmmm. Your last remark gives me an idea which might be useful for converting an existing site. Will make a separate thread for it as it is in essence a separate different feature suggestion.

Quantum
Forum Regular

Usergroup: Member
Joined: Jul 01, 2003
Total Topics: 39
Total Posts: 173

Posted 12/30/04 - 05:21 PM:	#4
http://www.webmastersite.net/forums/thread/4681 That feature could potentially be used by an admin to force all users to change their password the next time they login. Once they change their password the new coding could be used.

Quantum
Forum Regular

Usergroup: Member
Joined: Jul 01, 2003
Total Topics: 39
Total Posts: 173

Posted 12/30/04 - 05:24 PM:	#5
Paul wrote: In the future encoding options will be selectable in your admin panel, and "don't encode" will be an option. When this is selected I'll have it email the current password. Of course, you will not want to convert an existing site to this because all members would have to fill out the lost password form to get back in. You probably already thought of this: My preference would be also having an option for an encoding algorithm which is also decodable. Causing the database to contain the encoded password (so that it isn't visible in MySQL or on backup). While still leaving it avaible for decryption when needed.

Paul
Administrator

Usergroup: Administrator
Joined: Dec 21, 2001
Location: Northern California
Total Topics: 55
Total Posts: 6014

Posted 01/01/05 - 11:03 PM:	#6
The only secure way to do that would be to write your own algorithm so that people who investigate WSN won't know what it is. That should be possible for anyone who knows php to do easily since it'll just be a function "encode" in classes/member.php. Having a decode in sending the password for that would also be a personal customization though. Edited by Paul on 01/01/05 - 11:08 PM
"Do things you love doing, because then it ain't work. Don't do something you don't really enjoy, because you're never going to work hard enough at it." - Bob Young, founder of Red Hat

You don't have permission to post.