Last post Dec 11, 2014 02:00 PM by wavemaster
Dec 11, 2014 10:16 AM|Gautam Sharma|LINK
is it possible to decrypt the password as plaintext from the table "webpages_OAuthMembership" ?
Dec 11, 2014 10:26 AM|Mikesdotnetting|LINK
No. It is not encrypted. It is hashed. That's a one-way operation.
Dec 11, 2014 10:36 AM|Afzaal.Ahmad.Zeeshan|LINK
Mike has already given the answer, but there is another solution to this problem, in which you while registering the user save his password in a base-64 string in your database. This way, the password's (some what secure; although it is not secure) form
is saved in your database. Which can be converted back to string.
But a hashed string can never be converted back.
Dec 11, 2014 10:37 AM|Gautam Sharma|LINK
If its one way operation, then while logging in "some internal method" verifies the password used for login and then compares it with the db password.
Is that the way it happens or there is something I need to know?
Dec 11, 2014 10:59 AM|Mikesdotnetting|LINK
When you log in, the password you provided is hashed and compared to the hash stored in the database.
Dec 11, 2014 12:42 PM|wavemaster|LINK
But is there a legitimate need to look at the password?
Dec 11, 2014 12:55 PM|Gautam Sharma|LINK
Need is not to look at it, need is to fetch it and send it via email(I am aware it is not secure) instead of resetting it.
Dec 11, 2014 02:00 PM|wavemaster|LINK
The safest way for a user to reset their password is to go to your site and reset their password there.
It would be a big red flag, If I were to receive my password per email.