idh63
Posts: 76
|
| Posted: 03/31/2006, 6:15 AM |
|
Hi,
Background on project
Although my database will only record a users name, email, address, username and password for the members area, I think it wise to encrypt the password field.
This I have done successfully. Before Update.
I have a welcome email which is excecuted from the sign-up page with custom code placed in After Insert
The Question
What's the best practice for sending a new users unencrypted password in the welcome email?
If the email is sent after successful insertion on the new user record the password is encrypted.
Should I create a temporary cookie with the unencrypted password and retrieve that for the email?
or
Should I create a Global variable for password field before encryption?
Am I not seeing a simple solution here?
All responses gratefully recieved
Thanks
|
 |
 |
mamboBROWN
Posts: 1713
|
| Posted: 04/02/2006, 8:43 AM |
|
idh63
When a user registers do they enter a password or do you assign one to them??
One idea would be to send them a system generated password that would force them to input thier own password once they signed on to the system.
|
|
|
|
idh63
Posts: 76
|
| Posted: 04/03/2006, 6:09 AM |
|
Hi Mambo Brown,
Thanks for the reply.
I have them entering a password then confirmimg that password on the next row.
I have been considering your suggestion for last 24 hours. It has merit and for many projects it would be the solution. However, for this project I want to get new members landing on our free offers page after signup.
I have two groupid's for members. one for new sign-up and another for after they confirm that the email address supplied actually get's to their inbox (confirm via confirmation link in email)
So basically I am giving them limited access as an un-confirmed member and full access once confirmed.
I am thinking of using the confirm password field for the confirmation email because I am validating the two password fields before password field is encrypted.
So this thought lead to me posting this thread.
I am not sure for how long the values from form fields are available once the the form insert is executed. I'm guessing right up until the landing page is excecuted.
So today I will attempt to insert my email code in After Insert and I'll see.
Thanks again for your suggestion and taking the time to reply 
|
|
|
|
|
