I may be coming into this mid-stream but anyhow:
Passwords and retrieving them etc.
Most, if all systems/programs that contain any passwords never let you
openly see the unencrypted password text. There is never any need for it and
doing so circumvents privacy/security etc. etc. etc. None of these products
and the people using them seem to have a problem with this.
Problems with passwords are usually dealt with like this:
User: I forgot my password.
(optional step) Admin: Ok, just give me some background information (that
they have stored such as birthday, middle name, last login, character
history details, whatever)
User: (provides check info which is visible to admin)
Admin: I'm going to change your password to "test" so you should be able to
login now.
User: Thanks.
That's the way I've always seen it handled and done it on both sides of the
admin/user coin whether it be for UNIX administration, ISP, customer
accounts etc.
I'm not saying that a visible password is unethical bad etc. I just don't
think there really is a need if one follows already existing procedures.
I.e. not re-inventing the wheel.
My 2^-10 cents,
Joe Kingry
+------------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
| http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
+------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 12/15/00 PST