Re: [lookup] speed sales pitch

This WebDNA talk-list message is from 2003. It keeps the original formatting.
On Tue, 21 Oct 2003 12:24:05 -0400 John Peacock wrote:

>Dan Strong wrote:
>
>>looking for phone numbers as password, then type in 'John_Peacock' as my
>>username and then '301-459-3366 ' as my password and then change the
>>password and lock you out of your account...
>
>You are assuming several things:
>
>1) that you already know the initial password was the phone number

I would figure this out fairly quickly if I was a fellow site-user...

>2) that you know I am an existing customer (and how to spell my name)

Point taken. Still, what if I was my client's competitor, I likely have the same 4 million phone numbers (nobody that I deal with, or likely EVER will deal with, has 4 million clients, c'mon... it's reasonable to assume that the client is buying lists and marketing to them....) .. at any rate, your point is still taken and I digress.

>3) that I haven't already logged in and changed my password (nah, nah!)

You sure showed me :)

>
>I can see your client's idea that their customers may not be able to handle a more complicated
>password the first time they log in.

Me too, but still... I don't want to get 4 million phone calls one night from my client telling me that he's pissed off ;)

>
>I would also suggest that the initial login actually generate an e-mail to the account holder to
>confirm the registration. This third datapoint would not be exposed during the initial login,
>and would mean the bad guys would need to intercept the e-mail (a much harder slope to climb).
>This e-mail could have a generated link with a cart value in it, which would be non-predictable,
>and would initiate the permanent password update script...

Again, good point, and something I was planning to do in the back of my mind, but as I've said my post was about [lookup], not the login itself... ;)

>
>>
>>I am trying to talk him out of this for obvious reasons...
>
>That is still the best solution; I was giving you a fallback position.
>
>>
>>Any opinion on the speed of a [lookup] on a larger-than-average .db?
>>
>
>[lookup] is probably fast enough for this purpose, as long as the entire user database fits in
>RAM at all times (i.e. isn't so huge that it gets swapped out regularly). You may want to test
>whether there is any speed difference between text and number lookups...

Good to know. Thank you for the advice (about all of it). You too, Donovan!

-Dan
------------------------------------------------------------
http://www.StrongGraphicDesign.com
(208) 319-0137 | Toll-free p/f 877-561-1656
------------------------------------------------------------
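
The e-mail confirmation step suggested in the quoted reply, sketched as an added example that is not part of the original message or of WebDNA. It assumes Python's `secrets` module in place of the WebDNA cart value, and the `ACCOUNTS` store, function names and `example.invalid` URL are hypothetical.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode

TOKEN_TTL_SECONDS = 24 * 3600  # assumed validity window for the e-mailed link

# Constructed in-memory stand-in for the user database:
# username -> {"token_hash": str or None, "expires": float, "confirmed": bool}
ACCOUNTS = {}


def issue_confirmation_link(username, base_url="https://example.invalid/confirm", now=None):
    """Create a one-time, unguessable link to e-mail to the account holder."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    ACCOUNTS[username] = {
        # Store only a hash, so a leaked database does not yield usable links.
        "token_hash": hashlib.sha256(token.encode()).hexdigest(),
        "expires": now + TOKEN_TTL_SECONDS,
        "confirmed": False,
    }
    return base_url + "?" + urlencode({"user": username, "token": token})


def redeem_token(username, token, now=None):
    """Return True exactly once for a valid, unexpired token; False otherwise."""
    now = time.time() if now is None else now
    account = ACCOUNTS.get(username)
    if account is None or account["token_hash"] is None:
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    # Constant-time comparison avoids leaking how much of the hash matched.
    if not hmac.compare_digest(presented, account["token_hash"]):
        return False
    if now > account["expires"]:
        return False
    account["token_hash"] = None  # single use: the link cannot be replayed
    account["confirmed"] = True
    return True


def may_set_permanent_password(username):
    """The password update script runs only after the e-mailed link was used."""
    account = ACCOUNTS.get(username)
    return bool(account and account["confirmed"])
```

Knowing the username and the phone-number password is not enough here: the permanent password can be set only by whoever received the e-mailed token.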

    
