How can I secure paswords saved in MySQL database? hash?

[mesh2005]

I have a form where people register and their info (including username and password) is saved in the database. Some of my friends told me to save the hash of the password not the password itself to protect against any hack trial if the hacker got access to the database. Is that effective? If the hacker got access to the database, he cam simply generate the hash of a new password and save it in the database, right?

And, using the hash makes it not easy to recover the password! How can I give the users the ability to recover passwords?

 

[chocopi]

use md5()

 

Hope it helps

 

~ Chocopi

[redarrow]

use md5($password);

 

you can not unecript md5 so ur need the user to update there lost password but quering the date base with example a random number they got when they registred to your web site.

 

in this case the user would press a link call lost password or forgot password this would take them to a form askig thrm for a random number the number gave to them from registration, afther they fill in the random number you then have another form for them to enter there new email address at the same time you overwrite update the database with a new random number and there new email address ok.

 

same with passwords emails ect ect same concept ok.