Two-Way Encryption
Logging in a user is pretty easy. You use a JavaScript version of MD5 to encrypt the password, then use a PHP version to see if it matches the password in the DB.
Has anyone come up with a secure way to change passwords? The server doesn't know what the password is, so we can't use one-way encryption. And I'm not comfortable with sending plaintext passwords. Any ideas?
Has anyone come up with a secure way to change passwords? The server doesn't know what the password is, so we can't use one-way encryption. And I'm not comfortable with sending plaintext passwords. Any ideas?