Guys,
if some of the information, say e-mail or password, is hashed or encoded with salt,
how are we supposed to retrieve the information if a player asks for password or email recovery?
Thanks.
hashed info
Re: hashed info
Once it's hashed, you can't retrieve it.
What you do is this: hash the password the player enters and save it. Then later when you ask for the password (at login time, or whatever), hash what they enter and compare it to what you have saved. You have to use the same hash/salt routine both times of course, but you are comparing hashed value to hashed value, so it should work.
- hallsofvallhalla
- Site Admin
- Posts: 12026
- Joined: Wed Apr 22, 2009 11:29 pm
Re: hashed info
And instead of doing a password recovery where you send them their password, you just create a new password. I do not deal with sites that send your password via email. That is sickly unsafe.
Re: hashed info
Exactly - when someone requests a lost password, generate a temporary one and email it to them.
Flag their account in some way to make them change their password on their next login so the temporary password you sent them only gets used once and you should be good to go
Assuming they gave you a valid email address of course
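The hash-and-compare login and the temporary-password recovery described in the replies above, as an added PHP example that is not code from any poster. The in-memory `$users` array, the function names and the sample address are assumptions for illustration, and PHP's built-in `password_hash()`/`password_verify()` stand in for a hand-rolled hash/salt routine.

```php
<?php
// Constructed in-memory user store (assumption); a real game would use a database table.
$users = [];

function register(array &$users, string $email, string $password): void {
    // password_hash() picks a random salt and stores it inside the returned string.
    $users[$email] = [
        'hash' => password_hash($password, PASSWORD_DEFAULT),
        'must_change' => false,
    ];
}

// Returns 'ok', 'must_change' or 'denied'. Only hashes are compared; nothing is decoded.
function login(array $users, string $email, string $password): string {
    $user = $users[$email] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return 'denied';
    }
    return $user['must_change'] ? 'must_change' : 'ok';
}

// Recovery: store the hash of a random temporary password and flag the account; the caller emails it.
function issueTemporaryPassword(array &$users, string $email): ?string {
    if (!isset($users[$email])) {
        return null;
    }
    $temp = bin2hex(random_bytes(12)); // 24 hex characters from the CSPRNG
    $users[$email]['hash'] = password_hash($temp, PASSWORD_DEFAULT);
    $users[$email]['must_change'] = true;
    return $temp;
}

// Forced change on the next login: the temporary password stops working afterwards.
function changePassword(array &$users, string $email, string $current, string $new): bool {
    if (login($users, $email, $current) === 'denied') {
        return false;
    }
    $users[$email]['hash'] = password_hash($new, PASSWORD_DEFAULT);
    $users[$email]['must_change'] = false;
    return true;
}

register($users, 'player@example.com', 'original-secret'); // constructed sample account
$temp = issueTemporaryPassword($users, 'player@example.com');
echo login($users, 'player@example.com', 'original-secret'), "\n"; // old password
echo login($users, 'player@example.com', $temp), "\n";             // temporary password
changePassword($users, 'player@example.com', $temp, 'new-secret');
echo login($users, 'player@example.com', $temp), "\n";             // temporary, after change
echo login($users, 'player@example.com', 'new-secret'), "\n";      // new password
```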
- Jackolantern
- Posts: 10891
- Joined: Wed Jul 01, 2009 11:00 pm
Re: hashed info
Here is a nice-looking tutorial to actually implement email verification for sign-up. I have not gone through it yet, but I plan on using something like it.
That way you can be sure they gave a working email. If something doesn't actually verify my email, I almost always give a bogus one, and then that sucks if you ever forget your password and have no way to reset it. While it is partially my fault, we as developers need to reinforce what security measures are important in our products by verifying them up front.
The indelible lord of tl;dr
Re: hashed info
I had an email verification working using GMail as the mail sender. But apparently after a few usages, GMail changes something and it no longer works... I can create a new GMail account, use that for sending my mails and a couple days later it no longer works. Every single time... I finally gave up doing email verification until I get a server set up that can do mail() for me.
- Jackolantern
- Posts: 10891
- Joined: Wed Jul 01, 2009 11:00 pm
Re: hashed info
OldRod wrote: I had an email verification working using GMail as the mail sender. But apparently after a few usages, GMail changes something and it no longer works... I can create a new GMail account, use that for sending my mails and a couple days later it no longer works. Every single time... I finally gave up doing email verification until I get a server set up that can do mail() for me.
What about Mercury Mail server? I have never used it, but it comes packed in with XAMPP, so it must have some value.
The indelible lord of tl;dr
Re: hashed info
Well, I meant I was using GMail while I was using localhost during development. Does Mercury Mail server work with localhost?
Re: hashed info
I do believe it only works locally.
Find it on YouTube and it will show you how to set it up, etc.
Edit~~
Lookie here. Not watched the tut yet, but I think I have before.
http://www.youtube.com/watch?v=_QnfF64rA78
New Site Coming Soon! Stay tuned 