1
Mazarin
E-mails with user name and password to centrally registered users
  • 2010/4/9 19:48

  • Mazarin

  • Just can't stay away

  • Posts: 533

  • Since: 2008/12/10


I'm setting up a site where I register users centrally. Is there any way I can automatically send out an initial e-mail including BOTH the user name and the given password?

2
ghia
Re: E-mails with user name and password to centrally registered users
  • 2010/4/10 7:02

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


This french thread may give you some ideas.

3
anderssk
Re: E-mails with user name and password to centrally registered users
  • 2010/4/10 15:04

  • anderssk

  • Quite a regular

  • Posts: 335

  • Since: 2006/3/21


Mazarin, that would be an unsecured way doing it.
Always keep the user name and password separated

Create the users and add some password for them.
You can use the xpassgen to create some stupid passwords
Alternative just go into the database and ad some password value (hash value(

Ask the users to use the lost password function and neither you, the user or the hackers know the actually (first time) password at any time.


4
Mazarin
Re: E-mails with user name and password to centrally registered users
  • 2010/4/10 22:07

  • Mazarin

  • Just can't stay away

  • Posts: 533

  • Since: 2008/12/10


Security is not a real issue here since we're not dealing with sensitive information, but of course you're right in principle. I'll probably end up going with your suggested solution, as it is the most time efficient.

Also, thanks for your suggestion Ghia. I may implement it eventually if I have the time.

5
Peekay
Re: E-mails with user name and password to centrally registered users
  • 2010/4/12 0:05

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


I agree with anderssk. To cover your back, if you plan to send out usernames and passwords by email, I would add a strong recommendation in the mail template that your clients should print out the email... and then delete it.

If the email is left in the inbox of a free mail account that is compromised, then your user's XOOPS account is also compromised. Many Google mail users suffered a security breach recently that would have given you a big headache if your proposed email was downloaded by the hackers.

6
ghia
Re: E-mails with user name and password to centrally registered users
  • 2010/4/12 8:32

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


I don't understand all the security fuss.
Quote:
Ask the users to use the lost password function and neither you, the user or the hackers know the actually (first time) password at any time.
The french threads' hacks are based on the lost password routines.
And in the lost password function the user name and the password is sent by mail!

Login

Who's Online

229 user(s) are online (36 user(s) are browsing Support Forums)


Members: 0


Guests: 229


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits