I want to enable users of my web app, upon creating their accounts, to
be able to select their own login password. When they create their
account, I'm comparing their proposed password with all other
passwords stored in a db to ensure that the proposed password is
unique. If it's not, though, I don't think it's wise to return a
message of "That password is already being used. Please select
another" -- seems too insecure.

What is a "good practices" way of handling this situation:

1. Ensuring instead that only the username is unique, and then making
the unique login key the combo of the username/password fields?

2. Something else?

TIA.

-------------
Regards,
Bob Haroche
O n P o i n t  S o l u t i o n s
www.OnPointSolutions.com
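
Option 1 from the question above, sketched as an added example that is not part of the original post: uniqueness is enforced on the username only, and each password is stored as a salted hash, so two accounts can share a password without the application ever being able to tell or report it. The table layout, function names, the use of SQLite and PBKDF2, and the iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed schema: only the username carries a uniqueness constraint.
SCHEMA = """
CREATE TABLE users (
    username TEXT PRIMARY KEY,
    salt     BLOB NOT NULL,
    pw_hash  BLOB NOT NULL
)
"""
ITERATIONS = 600_000  # illustrative work factor, tune for your hardware


def open_demo_db():
    """In-memory database so the example runs offline."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def _derive(password, salt):
    # A random per-user salt means equal passwords yield different stored
    # values, so stored passwords cannot be compared across accounts.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_account(db, username, password):
    """Return True on success, False only when the username is taken."""
    salt = os.urandom(16)
    try:
        with db:
            db.execute("INSERT INTO users VALUES (?, ?, ?)",
                       (username, salt, _derive(password, salt)))
    except sqlite3.IntegrityError:
        return False
    return True


def check_login(db, username, password):
    """Look up by username, then verify the password for that row only."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, _derive(password, salt))
```

The only rejection a new user can see is "username already taken", which reveals nothing about anyone's password.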