Re: [Enh] Pier-ExternalLogin

If you are making a framework for this part then one thing to consider is passwords. Most frameworks leave this up to the user, so the user does the simplest thing they can: they store plain text passwords. You can tell these sites because when you forget your password and press the password recovery link they send you your password directly (ironically, pgp.com does this too!). Obviously if the password is stored in plain text, then once your site is hacked all your user's passwords will be known. This wont make your users happy. So it would be nice to have some kind of password object or something that always does some kind of one-way encryption on the passwords (e.g. using MD5). It would be nice as well for something to do the whole password recovery stage as well, since this always works the same: user clicks a link, gets an email forwarded that points to a secure site where they can type in a new password, since passwords are not recoverable. Just something to think about. On 8/17/07, Keith Hodges <keith_hodges(a)yahoo.co.uk> wrote: