Eric
Posts: 17326
Joined: 10/10/2003 From: Seattle, WA
Schu, I have been meaning for quite some time to switch to storing a hash and doing challenge/response questions for password resets. And ideally to log in on an SSL page and then redirect to non-SSL pages just sending the hash back and forth. It's just enough code (and will require everyone to log back in once) that I have been holding off until I can do the whole scenario 'right.' And yes, when you register, there is a really clear warning that you should not use a specially 'secure' password.
_____________________________
Cheers! -Eric LeVine http://twitter.com/cellartracker http://facebook.com/cellartracker