Forum OpenACS Development: Re: Can question/secret answer be removed from password recovery?
So for anyone genuinely worried about DoS attacks via the "I forgot my password, please reset it and email it to me" page: the existing "question/answer" method sounds like a good solution to that problem. Any change that simply goes back to storing unencrypted passwords in the database is probably a very bad idea.
Note that if someone can extract a plain text password from your database, you have pretty much lost it, haven't you? I'm not saying that it should be done, but it isn't the same thing as a /etc/passwd file where every local user can read the file.
I can never remember the answer to a question I choose. Capitalization matters as well. Bottom line is that this is a difficult problem with no obvious 'easy' solution.
So, storing the password unencrypted is preferable if combined with the option to resend the current password to the user. We could make this an optional switch (resend_password vs. create_new_password).
As always there is a catch though: users are a lazy bunch. They usually use the same password for a couple of websites. Storing the password encrypted prevents the maintainers of the site from accessing your password and trying it out on other sites. Furthermore, sending your current password over the net via email makes it possible to obtain your login for other sites via the occasional password-searching filter.
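One way to implement the create_new_password path that the thread argues for, as an added example that is neither OpenACS code nor code from any poster: the site keeps only a salted PBKDF2 hash, and recovery emails a one-time, expiring token instead of a password, so nothing reusable on other sites is ever stored or sent. The function names, the in-memory dictionaries and the one-hour TTL are assumptions.

```python
import hashlib
import hmac
import os
import secrets
import time
from typing import Optional

# Constructed in-memory "database": only a salt and a hash per user are kept,
# so there is no plaintext password to resend to anyone.
USERS = {}
RESET_TOKENS = {}          # token -> (username, expiry timestamp)
RESET_TTL_SECONDS = 3600   # assumed lifetime of a reset link

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(username: str, password: str) -> None:
    salt = os.urandom(16)
    USERS[username] = {"salt": salt, "hash": _hash(password, salt)}

def login(username: str, password: str) -> bool:
    rec = USERS.get(username)
    if rec is None:
        return False
    # constant-time comparison of the stored and recomputed hashes
    return hmac.compare_digest(rec["hash"], _hash(password, rec["salt"]))

def request_reset(username: str, now: Optional[float] = None) -> Optional[str]:
    """Issue a one-time token to be emailed to the user; the password itself
    is never involved. Unknown users get None (reply generically to callers
    so the page does not reveal which accounts exist)."""
    if username not in USERS:
        return None
    token = secrets.token_urlsafe(32)
    ts = time.time() if now is None else now
    RESET_TOKENS[token] = (username, ts + RESET_TTL_SECONDS)
    return token

def complete_reset(token: str, new_password: str,
                   now: Optional[float] = None) -> bool:
    """Consume the token exactly once; unknown or expired tokens fail."""
    entry = RESET_TOKENS.pop(token, None)
    if entry is None:
        return False
    username, expiry = entry
    ts = time.time() if now is None else now
    if ts > expiry:
        return False
    register(username, new_password)   # fresh salt and hash replace the old
    return True
```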