Re: [lookup] speed sales pitch

This WebDNA talk-list message is from 2003.


On Tue, 21 Oct 2003 12:24:05 -0400 John Peacock wrote:

>Dan Strong wrote:
>
>>looking for phone numbers as password, then type in 'John_Peacock' as my
>>username and then '301-459-3366 ' as my password and then change the
>>password and lock you out of your account...
>
>You are assuming several things:
>
>1) that you already know the initial password was the phone number

I would figure this out fairly quickly if I was a fellow site-user...

>2) that you know I am an existing customer (and how to spell my name)

Point taken. Still, what if I was my client's competitor, I likely have the same 4 million phone numbers (nobody that I deal with, or likely EVER will deal with, has 4 million clients, c'mon... it's reasonable to assume that the client is buying lists and marketing to them....) .. at any rate, your point is still taken and I digress.

>3) that I haven't already logged in and changed my password (nah, nah!)

You sure showed me :)

>
>I can see your client's idea that their customers may not be able to handle a more complicated
>password the first time they log in.

Me too, but still... I don't want to get 4 million phone calls one night from my client telling me that he's pissed off ;)

>
>I would also suggest that the initial login actually generate an e-mail to the account holder to
>confirm the registration. This third datapoint would not be exposed during the initial login,
>and would mean the bad guys would need to intercept the e-mail (a much harder slope to climb).
>This e-mail could have a generated link with a cart value in it, which would be non-predictable,
>and would initiate the permanent password update script...

Again, good point, and something I was planning to do in the back of my mind, but as I've said my post was about [lookup], not the login itself... ;)

>
>>
>>I am trying to talk him out of this for obvious reasons...
>
>That is still the best solution; I was giving you a fallback position.
>
>>
>>Any opinion on the speed of a [lookup] on a larger-than-average .db?
>>
>
>[lookup] is probably fast enough for this purpose, as long as the entire user database fits in
>RAM at all times (i.e. isn't so huge that it gets swapped out regularly). You may want to test
>whether there is any speed difference between text and number lookups...

Good to know. Thank you for the advice (about all of it). You too, Donovan!

-Dan

------------------------------------------------------------
http://www.StrongGraphicDesign.com
(208) 319-0137 | Toll-free p/f 877-561-1656
------------------------------------------------------------

Associated Messages, from the most recent to the oldest:

    
  1. Re: [lookup] speed sales pitch ( Kenneth Grome 2003)
  2. Re: [lookup] speed sales pitch ( John Hill 2003)
  3. Re: [lookup] speed sales pitch ( John Peacock 2003)
  4. Re: [lookup] speed sales pitch ( Brian Fries 2003)
  5. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  6. Re: [lookup] speed sales pitch ( Kenneth Grome 2003)
  7. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  8. Re: [lookup] speed sales pitch ( Kenneth Grome 2003)
  9. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  10. Re: [lookup] speed sales pitch ( John Peacock 2003)
  11. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  12. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  13. Re: [lookup] speed sales pitch ( Donovan Brooke 2003)
  14. Re: [lookup] speed sales pitch ( John Peacock 2003)
  15. [lookup] speed sales pitch ( "Dan Strong" 2003)
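The e-mailed confirmation link suggested in the thread, sketched as an added example that is not part of the original messages. It is written in Python rather than WebDNA, and the account store, URL and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 24 * 3600  # assumed validity window, in seconds

# Hypothetical in-memory account store; a real site would use its user database.
accounts = {"John_Peacock": {"email": "jp@example.com", "pending": None}}


def issue_activation_link(username, now=None):
    """Create an unguessable single-use token and return the link to e-mail."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    digest = hashlib.sha256(token.encode()).hexdigest()
    # Store only the hash, so a leaked database does not yield usable links.
    accounts[username]["pending"] = {"digest": digest, "expires": now + TOKEN_TTL}
    return f"https://shop.example/activate?user={username}&token={token}"


def redeem(username, token, now=None):
    """Return True once for a valid, unexpired token; only then allow the
    permanent password update. Knowing the phone number is not enough."""
    now = time.time() if now is None else now
    account = accounts.get(username)
    pending = account and account["pending"]
    if not pending or now > pending["expires"]:
        return False
    digest = hashlib.sha256(token.encode()).hexdigest()
    # Constant-time comparison avoids leaking how much of the digest matched.
    if not hmac.compare_digest(digest, pending["digest"]):
        return False
    account["pending"] = None  # single use: the link cannot be replayed
    return True
```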
