This is what I thought. And if this approach is good enough for UT, it should work for me too. Except I may (not decided yet) not even reset the password. Let me explain, or provide an excuse. My web application does not have (yet) a page where user can change his/her account information (like email, name, ID, password). All the account information is entered by the administrator into VFP application. Currently if/when web user forgets his/her password they call me (application support) and I have to connect to the VFP application and retrieve the user ID and password and tell them. I am trying to minimize the work I have to do by providing the web user with the ability to Recover Password based on their email. I am sure as my app becomes more mature, I will add new features and perhaps in the future will simply reset the password (as you and Rob suggested) instead of emailing in plain text. But I need to get this done so that I can move on to many other functional enhancements I have to do.
>Not secure. It's all sent in plain text.
>
>>Btw, I just checked this site (UT) which - if you forget the password - resets your password to a random one and emails it to you, along with your user ID.
"The creative process is nothing but a series of crises." Isaac Bashevis Singer
"My experience is that as soon as people are old enough to know better, they don't know anything at all." Oscar Wilde
"If a nation values anything more than freedom, it will lose its freedom; and the irony of it is that if it is comfort or money that it values more, it will lose that too." W.Somerset Maugham