Re: [lookup] speed sales pitch

This WebDNA talk-list message is from 2003.


It keeps the original formatting.
On Tue, 21 Oct 2003 12:24:05 -0400 John Peacock wrote:

>Dan Strong wrote:
>
>>looking for phone numbers as password, then type in 'John_Peacock' as my
>>username and then '301-459-3366 ' as my password and then change the
>>password and lock you out of your account...
>
>You are assuming several things:
>
>1) that you already know the initial password was the phone number

I would figure this out fairly quickly if I was a fellow site-user...

>2) that you know I am an existing customer (and how to spell my name)

Point taken. Still, what if I was my client's competitor, I likely have the same 4 million phone numbers (nobody that I deal with, or likely EVER will deal with, has 4 million clients, c'mon... it's reasonable to assume that the client is buying lists and marketing to them....) .. at any rate, your point is still taken and I digress.

>3) that I haven't already logged in and changed my password (nah, nah!)

You sure showed me :)

>
>I can see your client's idea that their customers may not be able to handle a more complicated
>password the first time they log in.

Me too, but still... I don't want to get 4 million phone calls one night from my client telling me that he's pissed off ;)

>
>I would also suggest that the initial login actually generate an e-mail to the account holder to
>confirm the registration. This third datapoint would not be exposed during the initial login,
>and would mean the bad guys would need to intercept the e-mail (a much harder slope to climb).
> This e-mail could have a generated link with a cart value in it, which would be non-predictable,
>and would initiate the permanent password update script...

Again, good point, and something I was planning to do in the back of my mind, but as I've said my post was about [lookup], not the login itself... ;)

>
>>
>>I am trying to talk him out of this for obvious reasons...
>
>That is still the best solution; I was giving you a fallback position.
>
>>
>>Any opinion on the speed of a [lookup] on a larger-than-average .db?
>>
>
>[lookup] is probably fast enough for this purpose, as long as the entire user database fits in
>RAM at all times (i.e. isn't so huge that it gets swapped out regularly). You may want to test
>whether there is any speed difference between text and number lookups...

Good to know. Thank you for the advice (about all of it). You too, Donovan!

-Dan
------------------------------------------------------------
http://www.StrongGraphicDesign.com
(208) 319-0137 | Toll-free p/f 877-561-1656
------------------------------------------------------------

Associated Messages, from the most recent to the oldest:

    
  1. Re: [lookup] speed sales pitch ( Kenneth Grome 2003)
  2. Re: [lookup] speed sales pitch ( John Hill 2003)
  3. Re: [lookup] speed sales pitch ( John Peacock 2003)
  4. Re: [lookup] speed sales pitch ( Brian Fries 2003)
  5. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  6. Re: [lookup] speed sales pitch ( Kenneth Grome 2003)
  7. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  8. Re: [lookup] speed sales pitch ( Kenneth Grome 2003)
  9. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  10. Re: [lookup] speed sales pitch ( John Peacock 2003)
  11. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  12. Re: [lookup] speed sales pitch ( "Dan Strong" 2003)
  13. Re: [lookup] speed sales pitch ( Donovan Brooke 2003)
  14. Re: [lookup] speed sales pitch ( John Peacock 2003)
  15. [lookup] speed sales pitch ( "Dan Strong" 2003)
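The e-mailed confirmation link suggested in the message above, sketched in Python as an added example (not code from the thread, and not WebDNA): the link carries a random single-use token instead of anything derivable from a purchased phone list. `ActivationStore`, `TOKEN_TTL`, `activation_link` and the URL parameters are hypothetical names chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode

TOKEN_TTL = 24 * 3600  # assumed lifetime of the e-mailed link, in seconds


class ActivationStore:
    """In-memory stand-in for the user database (hypothetical schema)."""

    def __init__(self):
        self._pending = {}  # username -> (sha256 hex of token, expiry time)

    def issue(self, username, now=None):
        """Return the token to e-mail; only its hash is kept server-side."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[username] = (digest, now + TOKEN_TTL)
        return token

    def redeem(self, username, token, now=None):
        """True exactly once for the right, unexpired token; else False."""
        now = time.time() if now is None else now
        record = self._pending.get(username)
        if record is None:
            return False
        digest, expires = record
        presented = hashlib.sha256(token.encode()).hexdigest()
        # Constant-time comparison so response timing does not leak the hash.
        if not hmac.compare_digest(digest, presented):
            return False
        del self._pending[username]  # single use; expired tokens are dropped too
        return now <= expires


def activation_link(base_url, username, token):
    """Build the link that starts the permanent-password update step."""
    return base_url + "?" + urlencode({"user": username, "token": token})
```

A wrong guess leaves the pending token in place, so a production version would also rate-limit `redeem` per account and per source address.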
