Re: [lookup] speed sales pitch

This WebDNA talk-list message is from

2003


It keeps the original formatting.
I hear ya, but IMHO I think that *any* easily gleaned, related info for use as a password is not very secure at all... If I set it up the way you (or the client) suggests, and I was a big jerk, I (as a malicious ne'er-do-well, of course) could go to the site, realize that they were looking for phone numbers as password, then type in 'John_Peacock' as my username and then '301-459-3366 ' as my password and then change the password and lock you out of your account...

I am trying to talk him out of this for obvious reasons...

Any opinion on the speed of a [lookup] on a larger-than-average .db?

-Dan

------------------------------------------------------------
http://www.StrongGraphicDesign.com
(208) 319-0137 | Toll-free p/f 877-561-1656
------------------------------------------------------------

On Tue, 21 Oct 2003 12:01:09 -0400 John Peacock wrote:

>Dan Strong wrote:
>
>>A client has asked that I build his login scheme so that his clients'
>>phone numbers are the password ...
>
>If you can suggest that their _initial_ password is the phone number and then make the user
>choose a new password after they login for the first time. _Much_ more secure...
>
>John
>
>--
>John Peacock
>Director of Information Research and Technology
>Rowman & Littlefield Publishing Group
>4501 Forbes Boulevard
>Suite H
>Lanham, MD 20706
>301-459-3366 x.5010
>fax 301-429-5748

Associated Messages, from the most recent to the oldest:

    
  1. Re: [lookup] speed sales pitch ( Kenneth Grome 2003)
  2. Re: [lookup] speed sales pitch ( John Hill 2003)
  3. Re: [lookup] speed sales pitch ( John Peacock 2003)
  4. Re: [lookup] speed sales pitch ( Brian Fries 2003)
  5. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  6. Re: [lookup] speed sales pitch ( Kenneth Grome 2003)
  7. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  8. Re: [lookup] speed sales pitch ( Kenneth Grome 2003)
  9. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  10. Re: [lookup] speed sales pitch ( John Peacock 2003)
  11. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  12. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  13. Re: [lookup] speed sales pitch ( Donovan Brooke 2003)
  14. Re: [lookup] speed sales pitch ( John Peacock 2003)
  15. [lookup] speed sales pitch ( "Dan Strong" 2003)
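
The first-login password change suggested in the message above, sketched as an added example in Python; it is not code from the thread and not WebDNA. The `Accounts` class, its method names, the user name and the 555-01xx phone number are all constructed for illustration.

```python
import hashlib, hmac, os, re

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the stored value is not the phone number itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _digits(text: str) -> str:
    return re.sub(r"\D", "", text)

class Accounts:  # hypothetical in-memory store standing in for the .db
    def __init__(self):
        self._rows = {}

    def _set(self, user, password, must_change):
        salt = os.urandom(16)
        self._rows.setdefault(user, {}).update(
            salt=salt, hash=_hash(password, salt), must_change=must_change)

    def provision(self, user, phone):
        # Initial password is the phone number, flagged for a forced change.
        self._set(user, phone, must_change=True)
        self._rows[user]["phone"] = _digits(phone)

    def login(self, user, password):
        """Return 'denied', 'change_required' or 'ok'."""
        row = self._rows.get(user)
        if row is None or not hmac.compare_digest(
                row["hash"], _hash(password, row["salt"])):
            return "denied"
        return "change_required" if row["must_change"] else "ok"

    def change_password(self, user, old, new):
        if self.login(user, old) == "denied":
            return False
        # Refuse short passwords and any reformatting of the phone number.
        if len(new) < 10 or self._rows[user]["phone"] in _digits(new):
            return False
        self._set(user, new, must_change=False)
        return True

def demo():
    db = Accounts()
    db.provision("example_user", "208-555-0100")   # constructed sample data
    first = db.login("example_user", "208-555-0100")
    weak = db.change_password("example_user", "208-555-0100", "(208) 555-0100")
    good = db.change_password("example_user", "208-555-0100", "correct horse battery")
    after = db.login("example_user", "208-555-0100")
    return first, weak, good, after
```

Until the account owner completes that first login, the phone number is still the only secret, so the lock-out scenario Dan describes remains open during that window.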
