Secure login

web guru · 09-18-2003, 07:28 AM

I have written a login script and I think I have made it as secure as possible - check session id, user ip, encrypted passwords along with a few other methods. But I have used MD5 to encrypt my passwords. This is a one way encryption method, thus even the sys admin doesent know what your password is. But what if a user forgets hi/her password. How could I go about finding it out. I was thinking about storing the password somewhere else, but then what would be the point in encrypting it in the first place? Ay one got any ideas how to go about this or even any other ideas of encrypting passwords??

adam_uk · 09-18-2003, 01:22 PM

secret question

ur get the user to enter there user name and it sends an email with the pw in it to the adress in the user profile

deadserious · 09-18-2003, 02:00 PM

I think you would probably want to have something like a forgot password feature and have it generate a random password and send it to the email address you have on file and of course it would need to update your system so that randomly generated password was now their password until they login and change it.

That is probably quite a bit more coding, but I think that would be about your best option if you're using one way encryption like MD5. Most, if not all of the software that I've used, which uses MD5 for passwords seems to have a feature that works this way.

Another option would be to use RC4 if you wanted a way to encrypt and decrypt passwords.

web guru · 09-18-2003, 02:42 PM

Thanks dead thats a great idea!!

$D$2 · 10-08-2003, 08:50 AM

Can I get a copy of this code, I would like to encrypt it into my own website!

Thanks!

P.S. Your script sounds great!

adam_uk · 10-08-2003, 01:24 PM

Quote:

Originally posted by $D$2
Can I get a copy of this code, I would like to encrypt it into my own website!

Thanks!

P.S. Your script sounds great!

why dont u make it urself

Corey Bryant · 10-08-2003, 09:29 PM

Check out: http://www.outfront.net/spooky/login.htm for a free version of a similar script.

09-18-2003, 07:28 AM	#1 (permalink)
web guru NamePros Member Join Date: Jul 2003 Posts: 120 185.00 NP$ (Donate)	Secure login I have written a login script and I think I have made it as secure as possible - check session id, user ip, encrypted passwords along with a few other methods. But I have used MD5 to encrypt my passwords. This is a one way encryption method, thus even the sys admin doesent know what your password is. But what if a user forgets hi/her password. How could I go about finding it out. I was thinking about storing the password somewhere else, but then what would be the point in encrypting it in the first place? Ay one got any ideas how to go about this or even any other ideas of encrypting passwords?? __________________ Paulicon Web design - Your one stop shop

09-18-2003, 02:42 PM	#4 (permalink)
web guru NamePros Member Join Date: Jul 2003 Posts: 120 185.00 NP$ (Donate)	Thanks dead thats a great idea!! __________________ Paulicon Web design - Your one stop shop

10-08-2003, 09:29 PM	#7 (permalink)
Corey Bryant NamePros Member Join Date: Sep 2003 Posts: 33 50.00 NP$ (Donate)	Check out: http://www.outfront.net/spooky/login.htm for a free version of a similar script. __________________ Corey Merchant Accounts 4 Less

09-18-2003, 01:22 PM	#2 (permalink)
adam_uk Senior Member Join Date: May 2003 Posts: 2,211 6,170.25 NP$ (Donate)	secret question ur get the user to enter there user name and it sends an email with the pw in it to the adress in the user profile

09-18-2003, 02:00 PM	#3 (permalink)
deadserious Senior Member Join Date: Aug 2002 Posts: 1,300 2.85 NP$ (Donate)	I think you would probably want to have something like a forgot password feature and have it generate a random password and send it to the email address you have on file and of course it would need to update your system so that randomly generated password was now their password until they login and change it. That is probably quite a bit more coding, but I think that would be about your best option if you're using one way encryption like MD5. Most, if not all of the software that I've used, which uses MD5 for passwords seems to have a feature that works this way. Another option would be to use RC4 if you wanted a way to encrypt and decrypt passwords.

10-08-2003, 08:50 AM	#5 (permalink)
$D$2 New Member Join Date: Oct 2003 Posts: 14 21.00 NP$ (Donate)	Can I get a copy of this code, I would like to encrypt it into my own website! Thanks! P.S. Your script sounds great!

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)