Mail

thoand

Hi,
A security question:

I have a user database which among other things store passwords to my site.

Each time i register a new user I want to mail the password to the user through the mail function in PHP.

Is that safe, if not, what is the worst things that could happen and is there any ways to solve it?

best regards
Thomas A.

phpray

it all depends how tight you want your security.

if for example you are sending credit card info in this manner - it would be a risk.

if you were merely identifying a user - no problem here.

the worst that can happen is that some one can pick up that email and steal your data etc.

a relativly easy option would be to send a url to the client in his email - this url would have the id number necessary to id your client and could also possibly be a secure url e.g. ssl where you can display the needed info for your client. but this still has its hassles.

you could send him an encrypted password using something like md5.....

actually there are many ways, but like i said how tight do want your security?