Then in this part of the same video @ben dynamically adds the password into an outgoing email that the user will receive upon a successful registration.
If the password was encrypted in a previous step of the same workflow (the Data insert step), then how is the plain text password able to be included in this email? Shouldn’t that plain text password have already been encrypted by the time the workflow gets around to executing the Send Mail step?
Upon the initial submit of the form to the database, before the input is hashed, the plain text can be sent via E-mail. If you use the value from the form input within the E-mail it will be plain text only, and will be encrypted database side upon the insert action completing. You cannot, however, reverse the hash once it is applied, only replace it…
I think he meant that it’s not a good idea to send the actual password at all to a user’s inbox, as anyone with access to it could also get access to the website. It’s not so much about if the connection is secure or not. Although better if secure of course.
I understand you need to balance the complexity of the tutorial so it serves well the audience it’s meant for.
Hi Ben, I mean it's not a good idea to send passwords to users for the same reasons Jon mentioned. Also it's exactly the same reason why we store them encrypted in the database and not as plain text.
If users forget their passwords, better send them a password reset link.
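The reset-link approach suggested in the last reply, sketched as an added example (not code from the thread, the video, or the tool being discussed): the e-mail carries a random single-use token instead of a password, and the server keeps only hashes of both the token and the password. The function names, the in-memory dictionaries standing in for database tables, the `app.example` URL, the 15-minute lifetime and the PBKDF2 work factor are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 15 * 60   # assumed lifetime of a reset link
PBKDF2_ROUNDS = 600_000       # assumed work factor
PASSWORD_HASHES = {}          # user_id -> (salt, hash); stands in for the users table
RESET_TOKENS = {}             # sha256(token) -> (user_id, expires_at); stands in for a DB table


def hash_password(password, salt=None):
    """Salted PBKDF2 hash; this, never the plain text, is what gets stored."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def register(user_id, password):
    """Store the hash; nothing here returns the password for use in a mail body."""
    PASSWORD_HASHES[user_id] = hash_password(password)


def verify_password(user_id, password):
    salt, stored = PASSWORD_HASHES[user_id]
    return hmac.compare_digest(stored, hash_password(password, salt)[1])


def issue_reset_link(user_id, now=None):
    """Return the link to e-mail; only a hash of the token is kept server side."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    key = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[key] = (user_id, now + RESET_TTL_SECONDS)
    return "https://app.example/reset?token=" + token


def redeem_reset_token(token, new_password, now=None):
    """Single use: the token is deleted on first lookup, valid or expired."""
    now = time.time() if now is None else now
    key = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(key, None)
    if entry is None or now > entry[1]:
        return False
    user_id, _expires_at = entry
    PASSWORD_HASHES[user_id] = hash_password(new_password)  # replace, not reverse
    return True
```

Anyone who later reads the mailbox finds only a spent or expired token, and a copy of the token table does not yield usable links because it holds hashes rather than the tokens themselves.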