|
I was looking at the database and am confused as to where the passwords are stored. Where can I find a password for a user so I can tell them what their password is if they forget it?
|
|
|
Passwords in the XUD database are stored so that they cannot be read by a person. They are stored in a hashed format. This means that the password is converted to a numerical value but the value cannot be easily converted back into a usable password. This makes the passwords much more secure in your system's database. Even if the system security is compromised, the values of the hashed passwords will not reveal your user's true password.
Because the password cannot be read back out of a hash value, even when you know the hashing algorithm used, the system cannot tell the user their password if they happen to lose or forget it. If this does happen to one of your users, they can get back into their account by going to the XUDLostPassword.asp page and specifying their email address. The system will then generate a new password, and email it back to the user. The user will now be able to login to their account on your site and change the password back to something they can remember. This provides a very flexible, but still secure means of managing user accounts on your XcAuction installation.
|
