Re: [lookup] speed sales pitch

This WebDNA talk-list message is from 2003. It keeps the original formatting.
Associated Messages, from the most recent to the oldest:

    
  1. Re: [lookup] speed sales pitch ( Kenneth Grome 2003)
  2. Re: [lookup] speed sales pitch ( John Hill 2003)
  3. Re: [lookup] speed sales pitch ( John Peacock 2003)
  4. Re: [lookup] speed sales pitch ( Brian Fries 2003)
  5. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  6. Re: [lookup] speed sales pitch ( Kenneth Grome 2003)
  7. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  8. Re: [lookup] speed sales pitch ( Kenneth Grome 2003)
  9. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  10. Re: [lookup] speed sales pitch ( John Peacock 2003)
  11. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  12. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  13. Re: [lookup] speed sales pitch ( Donovan Brooke 2003)
  14. Re: [lookup] speed sales pitch ( John Peacock 2003)
  15. [lookup] speed sales pitch ( "Dan Strong" 2003)
Dan Strong wrote:
> looking for phone numbers as password, then type in 'John_Peacock' as my
> username and then '301-459-3366 ' as my password and then change the
> password and lock you out of your account...

You are assuming several things:

1) that you already know the initial password was the phone number
2) that you know I am an existing customer (and how to spell my name)
3) that I haven't already logged in and changed my password (nah, nah!)

I can see your client's idea that their customers may not be able to handle a more complicated password the first time they log in. I would also suggest that the initial login actually generate an e-mail to the account holder to confirm the registration. This third datapoint would not be exposed during the initial login, and would mean the bad guys would need to intercept the e-mail (a much harder slope to climb). This e-mail could have a generated link with a cart value in it, which would be non-predictable, and would initiate the permanent password update script...

>
> I am trying to talk him out of this for obvious reasons...

That is still the best solution; I was giving you a fallback position.

>
> Any opinion on the speed of a [lookup] on a larger-than-average .db?
>

[lookup] is probably fast enough for this purpose, as long as the entire user database fits in RAM at all times (i.e. isn't so huge that it gets swapped out regularly). You may want to test whether there is any speed difference between text and number lookups...

John

--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/
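
A sketch of the confirmation-link step suggested in the message above, added here as an example and not taken from the thread or from WebDNA. It uses a random token from Python's `secrets` module in place of the cart value; the class and function names, the URL, the 24-hour lifetime and the PBKDF2 iteration count are assumptions.

```python
import hashlib
import secrets

TOKEN_TTL_SECONDS = 24 * 3600               # assumed lifetime; the post gives none
BASE_URL = "https://shop.example/confirm"   # placeholder URL


class ConfirmationStore:
    """Pending e-mail confirmations, keyed by the SHA-256 of each token."""

    def __init__(self):
        self._pending = {}   # token digest -> (username, expiry timestamp)

    def issue(self, username, now):
        """Call after the first login; returns the link to e-mail out."""
        # Drop any older link for this account so only the newest one works.
        self._pending = {d: v for d, v in self._pending.items()
                         if v[0] != username}
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (username, now + TOKEN_TTL_SECONDS)
        return f"{BASE_URL}?t={token}"

    def redeem(self, token, now):
        """Return the username the token was mailed to, or None.

        The entry is removed on the first attempt, so a link works once.
        """
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        username, expires = entry
        return username if now <= expires else None

    @staticmethod
    def _digest(token):
        # Only the digest is stored, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()


def set_permanent_password(store, token, new_password, accounts, now):
    """Replace the initial password only for the holder of a valid link."""
    username = store.redeem(token, now)
    if username is None:
        return False   # name + phone number alone never reach this point
    salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", new_password.encode("utf-8"),
                              salt, 600_000)
    accounts[username] = (salt, key)
    return True
```
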
