This might be a stupid question, and if so then humor me with a smart
remark and the answer.
I want to have a feature on my site that allows me to email forgotten
passwords back to the user (like what Backpack does). Now I’m currently
encrypting the user’s password + salt before saving to the database
using code borrowed from the LoginGenerator.
The question I have is: is there any way to get the user’s password after
it’s been SHA1’ed, or do I have to store the user’s password as plain text
in the database?
If I have to store it as plain text, isn’t that a bit insecure? And if so,
why does Backpack (and I’m assuming others) do it?
If I want to have the password encrypted in the database, is my only
option to change their password to a new value?