Click here to Skip to main content
13,145,068 members (56,503 online)
Rate this:
Please Sign up or sign in to vote.
See more:
I have used web site administration tool in to make user.My question is if a user forget the password and want to get back through email, how can i implement this using gmail.
Posted 25-Oct-11 5:13am

1 solution

Rate this: bad
Please Sign up or sign in to vote.

Solution 1

In general it's considered bad form to store the password in plaintext or in 2-way encrypted format. If a user forgets his password he should be sent a link to reset his password. His password should not be stored in a manner where it can be extracted nor should it under any circumstances be sent via plain text email.
SAKryukov 25-Oct-11 12:48pm
True, my 5. It leaves for explanation how password reset mechanism can work safely.
Nishant Sivakumar 25-Oct-11 14:36pm
Thanks SA.
Tech Code Freak 25-Oct-11 14:10pm
In what form must we store the password in the database?
Should we encrypt it before storing too?
Nishant Sivakumar 25-Oct-11 14:36pm
Should not be stored at all except as a hash of some form.
Tech Code Freak 26-Oct-11 2:34am
Thanks for the info! My 5up!
Tech Code Freak 26-Oct-11 12:08pm
OK I understood. But as hashing is one way, how to authenticate(verify) the password entered by the user with that in the database(hashed value)? Please help! I'm a little confused.
Nishant Sivakumar 26-Oct-11 12:25pm
Password verification is done by hash comparison.
Tech Code Freak 26-Oct-11 12:55pm
Does it mean that while registration, the user's password is hashed and stored in the database.
And then, when he wants to login and enters username and password, this entered password is sent to web server, hashed and this hash is compared with the hash stored in the database.
Is this right?
Nishant Sivakumar 26-Oct-11 12:56pm
Yes, that's exactly how most common password implementations work.
Tech Code Freak 27-Oct-11 4:37am
Okay, I understood. Thank You so much for all the help & info!
Which hashing technique is the best one you can recommend for such a task?
Mousumi2708 28-Oct-11 11:39am
Thank you Sir.But my question is how can I use Password Recovery control in ASP.NET? This control needs a mail Id To send the password.If I want to use
Gmail .com as a sender then what is the solution?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy |
Web02 | 2.8.170915.1 | Last Updated 25 Oct 2011
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100