Re: [lookup] speed sales pitch
This WebDNA talk-list message is from 2003
It keeps the original formatting.
On Tue, 21 Oct 2003 12:24:05 -0400 John Peacock wrote:

>Dan Strong wrote:
>
>>looking for phone numbers as password, then type in 'John_Peacock' as my
>>username and then '301-459-3366 ' as my password and then change the
>>password and lock you out of your account...
>
>You are assuming several things:
>
>1) that you already know the initial password was the phone number

I would figure this out fairly quickly if I was a fellow site-user...

>2) that you know I am an existing customer (and how to spell my name)

Point taken. Still, what if I was my client's competitor, I likely have the same 4 million phone numbers (nobody that I deal with, or likely EVER will deal with, has 4 million clients, c'mon... it's reasonable to assume that the client is buying lists and marketing to them....) .. at any rate, your point is still taken and I digress.

>3) that I haven't already logged in and changed my password (nah, nah!)

You sure showed me :)

>
>I can see your client's idea that their customers may not be able to handle a more complicated
>password the first time they log in.

Me too, but still... I don't want to get 4 million phone calls one night from my client telling me that he's pissed off ;)

>
>I would also suggest that the initial login actually generate an e-mail to the account holder to
>confirm the registration. This third datapoint would not be exposed during the initial login,
>and would mean the bad guys would need to intercept the e-mail (a much harder slope to climb).
> This e-mail could have a generated link with a cart value in it, which would non-predictable,
>and would initiate the permanent password update script...

Again, good point, and something I was planning to do in the back of my mind, but as I've said my post was about [lookup], not the login itself... ;)

>
>>
>>I am trying to talk him out of this for obvious reasons...
>
>That is still the best solution; I was giving you a fallback position.
>
>>
>>Any opinion on the speed of a [lookup] on a larger-than-average .db?
>>
>
>[lookup] is probably fast enough for this purpose, as long as the entire user database fits in
>RAM at all times (i.e. isn't so huge that it gets swapped out regularly). You may want to test
>whether there is any speed difference between text and number lookups...

Good to know. Thank you for the advice (about all of it). You too, Donovan!

-Dan
------------------------------------------------------------
http://www.StrongGraphicDesign.com
(208) 319-0137 | Toll-free p/f 877-561-1656
------------------------------------------------------------

This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/
"Dan Strong"
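
The e-mail confirmation step suggested in the thread, sketched in Python as an added example (not code from the thread or from WebDNA): the initial phone-number login never opens a session, it only mails a non-predictable, single-use, expiring link that leads to the permanent password update. The user record, URL, lifetime and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 24 * 3600   # assumed lifetime of a confirmation link, in seconds
_pending = {}           # sha256(token) -> (username, expiry); stands in for a DB table

# Constructed sample account, not data from the thread.
USERS = {"example_user": {"phone": "555-0100", "email": "user@example.com"}}


def issue_token(username, now=None):
    """Create the unpredictable value that goes into the e-mailed link."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)            # 256 bits from the OS CSPRNG
    digest = hashlib.sha256(token.encode()).hexdigest()
    _pending[digest] = (username, now + TOKEN_TTL)   # only the hash is stored
    return token


def first_login(username, phone, now=None):
    """Initial phone-number login: returns (email, link) to send, never a session."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["phone"].encode(), phone.encode()):
        return None
    token = issue_token(username, now)
    return user["email"], f"https://example.com/set-password?t={token}"


def redeem_token(token, now=None):
    """Return the username if the token is known, unexpired and unused, else None."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = _pending.pop(digest, None)           # pop makes the link single-use
    if entry is None:
        return None
    username, expiry = entry
    return username if now <= expiry else None
```

Knowing the username and phone number is then not enough to change the password: the link is delivered only to the address on file, and guessing the token means guessing 256 random bits.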