30 Apr
2007
30 Apr
'07
6:18 p.m.
Include the links to user/password link (Request new password) in the mail. Create a user/remind_password link to have that in the mail instead. Just send the unencrypted password to the use.
Actually I have a client who knows his users so well, that he asked me to clear-text all the passwords...
Ouch. Let's not go there. That opens up too many very signficant security holes. I hope for your clients' sake that the passwords used are auto-generated and unique to that system. But if someone has done something similar, =with= encryption/decryption and auto-expiry, I'd love to talk with you. ari