Acadia opened this issue on Oct 22, 2005 · 62 posts
svdl posted Sun, 23 October 2005 at 7:16 PM
When you host a site using one of the many reputable packages - like PHPBB2 - the passwords are stored using irreversible encryption. In other words, there is just no way to extract a password from its encrypted form. Login attempts are handled as follows: the supplied password is encrypted using the same algorithm, and the encrypted password is then compared with the stored encrypted password.

There is a problem, though. It's pretty easy to intercept the passwords: just alter the PHP script a little and the site administrator can have every password in clear text. It is just not true that PHP (or any other language) does not allow the reading of passwords. As a user, you just have to trust the forum hoster not to do nasty things.

The only thing that helps (a little) is SSL: NEVER EVER ENTER A PASSWORD ON A NON-SSL PAGE!!! SSL does two things. First, it ensures that your information (not only the password, everything on the page) is encrypted when sent over the Net. Second, since a Web server can only provide SSL if it has a server certificate, you can view the certificate to verify the identity of the Web site. Sort of an Internet passport. So if such a site is set up for identity theft, you know who to go after.
The pen is mightier than the sword. But if you literally want to have some impact, use a typewriter
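The store-a-digest-and-recompute login flow described in the post above, as an added Python example that is not code from this thread or from phpBB2. It assumes salted PBKDF2-SHA256 as the one-way function, a constant-time comparison, and a constructed user table and work factor; the comments mark where the handler still receives the cleartext password, which is the trust point the post makes.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumption for this demo: PBKDF2 work factor (real deployments tune this higher).
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt_hex$digest_hex'. A fresh random salt is drawn if none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(stored: str, supplied: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", supplied.encode("utf-8"), bytes.fromhex(salt_hex), ITERATIONS
    )
    # hmac.compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(candidate.hex(), digest_hex)


# Constructed user table, stored the way a forum package would persist it:
# only the salted digest, never the cleartext password.
USERS = {"acadia": hash_password("correct horse battery staple")}


def login(username: str, password: str) -> bool:
    """Server-side login check.

    `password` arrives here in cleartext. One-way storage protects the
    database; it cannot protect against code running in this handler, which is
    why transport encryption (SSL/TLS) and trust in the operator still matter.
    """
    stored = USERS.get(username)
    if stored is None:
        # Do equivalent work so an unknown username is not distinguishable by timing.
        hash_password(password, b"\x00" * 16)
        return False
    return verify_password(stored, password)
```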