freebsdntu Posted December 14, 2007 Share Posted December 14, 2007 I am writing a script to display user profile and let the user edit his or her profile. Regarding the password field,since it is stored as md5 hash string in the database,so how can I get it back to normal string? Also would there be any security issues in doing the conversion? I would display the password as password input type,of course. Any hints?Thank you! Quote Link to comment Share on other sites More sharing options...
zq29 Posted December 14, 2007 Share Posted December 14, 2007 No, you can't. Best advice would be to get them to enter their password again, hash and compare to see if they have permission to change their password, then just overwrite it with a new hashed password. Quote Link to comment Share on other sites More sharing options...
SyncViews Posted December 14, 2007 Share Posted December 14, 2007 yeah. But the good thing is it also means if a hacker somehow gets the md5 hashes from the database they are unlikly to ever get the exact password (partly because there are more than one combinations that give the eact same hash value) so while that might let them into your website it's unlikly that they can get into other websites with the same users (because so many people use the same password on almost every forum, site etc they register for) Quote Link to comment Share on other sites More sharing options...
freebsdntu Posted December 14, 2007 Author Share Posted December 14, 2007 Oh,ok,i see,thank you guys! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.