[01:14:17] <FONT COLOR="#008080">---</FONT> <font color="#616161">Baastuul_ is now known as Baastuul</font><BR>
[02:12:58] &lt;<font color="#0000C0">Baastuul</font>&gt; Hmmm.<BR>
[02:13:05] &lt;<font color="#0000C0">Baastuul</font>&gt; It seems I made an Exult forum account a long time ago.<BR>
[02:13:12] &lt;<font color="#0000C0">Baastuul</font>&gt; I don't remember the password, is there a way to retrieve it?<BR>
[14:12:40] &lt;<font color="#B0B0B0">Colourless</font>&gt; hi<BR>
[14:24:33] &lt;<font color="#800080">wjp</font>&gt; hi<BR>
[14:49:23] &lt;<font color="#B0B0B0">Colourless</font>&gt; you know, I'm curious about how various forum software stores user passwords. If the software can email out a lost password, then you would have to assume the password is being stored as plain text or something that can easily be converted to plain text. The assumption then is if the system is compromised then an intruder can gain access to the passwords of all the users.<BR>
[14:50:01] &lt;<font color="#B0B0B0">Colourless</font>&gt; To me, that does sort of seem wrong<BR>
[14:54:13] &lt;<font color="#800080">wjp</font>&gt; our forum stores them hashed<BR>
[14:54:15] &lt;<font color="#800080">wjp</font>&gt; not sure about others<BR>
[14:54:51] &lt;<font color="#800080">wjp</font>&gt; what you'd probably want to do about lost passwords, is allow sending some kind of temporary new "password" to the registered email address<BR>
[14:55:10] &lt;<font color="#800080">wjp</font>&gt; if the user enters this "password" on a special page, allow him to change his password<BR>
[14:55:11] &lt;<font color="#B0B0B0">Colourless</font>&gt; yeah, i've seen some forums do that<BR>
[14:55:51] &lt;<font color="#800080">wjp</font>&gt; (but do not change the password directly when sending the mail)<BR>