SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Member
    Join Date
    Sep 2004
    Location
    Italy
    Posts
    21
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    sending login details via email

    Hi,

    I have a site designed in php. An admin login can create new users, assigning usernames and passwords. The login details are then sent via email to the user.

    How can I send these details in a secure manner? My only option is to send them via email. I'm a newbie at this, so I would appreciate any info or a link to a tutorial.

    Thanks!

  2. #2
    SitePoint Evangelist TRISPECTIVE's Avatar
    Join Date
    Sep 2002
    Location
    n/a
    Posts
    477
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Unfortunately, there is no secure or insecure in sending an email. The email is just sent. The only thing that would improve security, is the way the user retrives the messages from his POP account; using SSL or not. However, there are very little people actually using this method.

    Now, probably there would be a couple of ways to put a bit of security around this. One of them for example is to assign temporary password and require the users to change their passwords at their first logon.

    Example:
    Suppose you want to create a user for little Billy. You would add his username "Billy" and a random password "asoidjfoasdjfoasdf" to the userlist you have. Then Billy receives the email with the login information and then tries to login. At his first login, Billy would be kindly asked to change his password to a secret evil one that only he knows about. After that Billy's account is read to be used.

    Probably there would be a couple of other tricks, but this one is simple and effective enough

  3. #3
    SitePoint Member
    Join Date
    Sep 2004
    Location
    Italy
    Posts
    21
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks, TRISPECTIVE. I had though about that one, since I didn't know how to make email secure. I think it is the best solution. Thanks, again.

  4. #4
    SitePoint Evangelist TRISPECTIVE's Avatar
    Join Date
    Sep 2002
    Location
    n/a
    Posts
    477
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Glad to help

  5. #5
    eCommerce specialist hotnuts21's Avatar
    Join Date
    Apr 2002
    Location
    Aberystwyth, UK
    Posts
    1,355
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I dont know a great deal about this, but isnt PGP a way of encrypting emails, surely sending emails in pgp would help with security even slightly?
    I believe its an open source function that can be installed on your webserver. Taking a look around these forums might help
    Search & Rescue Aberystwyth Lifeboat
    CSS Tutorials/Guides

    Sitepoint signatures are not visible to Search Engines More info

  6. #6
    ko pročita magarac :) boccio's Avatar
    Join Date
    Oct 2003
    Location
    belgrade
    Posts
    354
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think the idea is to use resources availabe for all users, w/o forcing them to install additional components in order to receive their password.
    Vivvo CMS - Web publishing at your fingertips
    Mile voli disko, a ja belo kolumbijsko

  7. #7
    SitePoint Evangelist TRISPECTIVE's Avatar
    Join Date
    Sep 2002
    Location
    n/a
    Posts
    477
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by hotnuts21
    I dont know a great deal about this, but isnt PGP a way of encrypting emails, surely sending emails in pgp would help with security even slightly?
    I believe its an open source function that can be installed on your webserver. Taking a look around these forums might help
    In this case, the user would have to be able to read the PGP.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •