Re: [lookup] speed sales pitch

This WebDNA talk-list message is from 2003. It keeps the original formatting.
Associated Messages, from the most recent to the oldest:

    
  1. Re: [lookup] speed sales pitch ( Kenneth Grome 2003)
  2. Re: [lookup] speed sales pitch ( John Hill 2003)
  3. Re: [lookup] speed sales pitch ( John Peacock 2003)
  4. Re: [lookup] speed sales pitch ( Brian Fries 2003)
  5. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  6. Re: [lookup] speed sales pitch ( Kenneth Grome 2003)
  7. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  8. Re: [lookup] speed sales pitch ( Kenneth Grome 2003)
  9. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  10. Re: [lookup] speed sales pitch ( John Peacock 2003)
  11. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  12. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  13. Re: [lookup] speed sales pitch ( Donovan Brooke 2003)
  14. Re: [lookup] speed sales pitch ( John Peacock 2003)
  15. [lookup] speed sales pitch ( "Dan Strong" 2003)
I hear ya, but IMHO I think that *any* easily gleaned, related info for use as a password is not very secure at all... If I set it up the way you (or the client) suggests, and I was a big jerk, I (as a malicious ne'er-do-well, of course) could go to the site, realize that they were looking for phone numbers as password, then type in 'John_Peacock' as my username and then '301-459-3366 ' as my password and then change the password and lock you out of your account...

I am trying to talk him out of this for obvious reasons...

Any opinion on the speed of a [lookup] on a larger-than-average .db?

-Dan

------------------------------------------------------------
http://www.StrongGraphicDesign.com
(208) 319-0137 | Toll-free p/f 877-561-1656
------------------------------------------------------------

On Tue, 21 Oct 2003 12:01:09 -0400 John Peacock wrote:

>Dan Strong wrote:
>
>>A client has asked that I build his login scheme so that his clients'
>>phone numbers are the password ...
>
>If you can suggest that their _initial_ password is the phone number and then make the user
>choose a new password after they login for the first time. _Much_ more secure...
>
>John
>
>--
>John Peacock
>Director of Information Research and Technology
>Rowman & Littlefield Publishing Group
>4501 Forbes Boulevard
>Suite H
>Lanham, MD 20706
>301-459-3366 x.5010
>fax 301-429-5748

"Dan Strong"
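Added example, not part of the original thread and not WebDNA code: one way to avoid both the phone-number password and the guessable initial password discussed above is to create each account with no password at all and a random, single-use, expiring activation token. The in-memory `store`, the function names, the 24-hour window, the constructed phone number used to exercise it and out-of-band delivery of the token are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 24 * 3600  # assumed activation window, in seconds

def _digits(text):
    return "".join(ch for ch in text if ch.isdigit())

def _hash_password(password, salt):
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def provision_account(store, username, phone, now=None):
    """Create an account with no usable password and return a random
    one-time token to deliver out of band; only its hash is stored."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    store[username] = {
        "phone": _digits(phone),
        "token_hash": hashlib.sha256(token.encode()).digest(),
        "token_expires": now + TOKEN_TTL,
        "salt": None,
        "pw_hash": None,
    }
    return token

def activate(store, username, token, new_password, now=None):
    """Consume the one-time token and set a password the user chose."""
    now = time.time() if now is None else now
    acct = store.get(username)
    if acct is None or acct["token_hash"] is None or now > acct["token_expires"]:
        return False
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(presented, acct["token_hash"]):
        return False
    # Reject short passwords and ones containing the account's phone number.
    if len(new_password) < 10 or (acct["phone"] and acct["phone"] in _digits(new_password)):
        return False
    acct["salt"] = secrets.token_bytes(16)
    acct["pw_hash"] = _hash_password(new_password, acct["salt"])
    acct["token_hash"] = None  # single use: the token cannot be replayed
    return True

def login(store, username, password):
    acct = store.get(username)
    if acct is None or acct["pw_hash"] is None:
        return False  # unactivated accounts accept no password at all
    return hmac.compare_digest(_hash_password(password, acct["salt"]), acct["pw_hash"])
```

Because the phone number is never accepted as a credential, knowing a customer's name and number gives no way to claim the account before its owner does.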
