I would not suggest storing your passwords in plain text in the DB.  Storing
them in this manner leaves them vulnerable to anyone who ends up with access
to that database.  You may or may not consider the data in your web app
important to your user, but most users will attempt to use a password they
use in a lot of other places, possibly including banking or other sites.
IMHO, it's really part of a programmer's responsibility to the internet
community to make sure user information is kept secure, particularly passwords.

A good alternative to storing passwords in plain text is to hash (MD5) the
password using hash().  You can rehash and compare passwords on login to
authenticate users, without needing the password stored in plaintext.

I'd definitely suggest enforcing unique usernames.  Sometimes email can be a
good unique username though keep in mind that if you expect two members of
the same family to login, they sometimes will be sharing an email address.
Shared addresses may make unique accounts a problem for those users.

As Paul already mentioned, it's often good to randomly generate passwords
and email them to the user.  I ALWAYS set a flag in the database after doing
this so that the next time they login they are forced to change it to a
different password before proceeding.  There is at least one UDF at
cflib.org that will generate good random passwords.

One of the most frequently seen security vulnerabilities on the internet
today is a web application that will email you your password in plaintext.
This is a HORRIBLE idea because typically users don't consider their email
information that requires the same security that a password would.  I'd bet
you can dig through just about anyone's mailbox file and find most of the
passwords they use for banking and other very secure apps because they were
emailed in plaintext from some less security minded website.

By randomly assigning passwords before emailing them to the user you are
assuring that a password they use all over the place isn't hitting their
email inbox in plaintext.  By forcing them to change their password as soon
as they login, you are assuring that the plaintext password in the email
message isn't valid anymore and thus is no longer a security vulnerability
for that user.

Phew, that was a long answer....

-Cameron

-----------------
Cameron Childress
Sumo Consulting Inc.
---
cell:  678.637.5072
land:  858.509.3098
aim:   cameroncf
email: [EMAIL PROTECTED]
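The flow Cameron describes (unique usernames, a stored hash instead of the plaintext password, a randomly generated initial password that is emailed, and a "must change password" flag checked at login) as one worked example. This is an added editorial illustration, not code from either message on this thread, and it is written in Python rather than CFML; the in-memory `USERS` dictionary stands in for the database table, and the `hash_password`/`verify_password`/`create_account`/`login`/`change_password` names are all assumptions made here. It uses a per-user random salt with PBKDF2 rather than a bare MD5 hash, so two users with the same password get different stored values, which is also why comparing a proposed password against other users' stored passwords (the original question) is not possible, and not needed, once passwords are stored this way.

```python
import hashlib
import hmac
import os
import secrets
import string

# Work factor for PBKDF2-HMAC-SHA256; stored alongside the hash so it can be
# raised later without invalidating existing records.
PBKDF2_ITERATIONS = 600_000


def hash_password(password, salt=None):
    """Return a self-describing string: algo$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(PBKDF2_ITERATIONS, salt.hex(), dk.hex())


def verify_password(password, stored):
    """Re-hash the supplied password with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(dk_hex))


def generate_temp_password(length=12):
    """Random initial password from a CSPRNG (the role of the cflib UDF in the reply)."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


# Constructed stand-in for the users table: username -> record.
USERS = {}


def create_account(username):
    """Enforce a unique username, store only the hash, flag the account for a forced change.

    Returns the temporary password, which is the only thing that would be emailed."""
    if username in USERS:
        raise ValueError("username already taken")
    temp = generate_temp_password()
    USERS[username] = {
        "password_hash": hash_password(temp),
        "must_change_password": True,
    }
    return temp


def login(username, password):
    """Returns 'denied', 'change_password_required', or 'ok'."""
    record = USERS.get(username)
    # Run the hash check even for an unknown user? Here we simply deny; the
    # stored hash is never compared as plaintext either way.
    if record is None or not verify_password(password, record["password_hash"]):
        return "denied"
    if record["must_change_password"]:
        return "change_password_required"
    return "ok"


def change_password(username, old_password, new_password):
    """Replace the emailed temporary password; clears the forced-change flag."""
    record = USERS.get(username)
    if record is None or not verify_password(old_password, record["password_hash"]):
        return False
    if new_password == old_password:
        return False  # the emailed password must stop working
    record["password_hash"] = hash_password(new_password)
    record["must_change_password"] = False
    return True


if __name__ == "__main__":
    temp = create_account("bob")
    print("emailed temp password:", temp)
    print("first login:", login("bob", temp))              # change_password_required
    print("changed:", change_password("bob", temp, "correct horse battery"))
    print("old password now:", login("bob", temp))         # denied
    print("new password now:", login("bob", "correct horse battery"))  # ok
```

Once the user completes `change_password`, the value that went out by email no longer verifies, which is the point of the flag Cameron sets after generating a password.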

-----Original Message-----
From: Bob Haroche [mailto:[EMAIL PROTECTED]
Sent: Sunday, January 04, 2004 9:00 PM
To: CF-Talk
Subject: Password Logic

I want to enable users of my web app, upon creating their accounts, to
be able to select their own login password. When they create their
account, I'm comparing their proposed password with all other
passwords stored in a db to ensure that the proposed password is
unique. If it's not, though, I don't think it's wise to return a
message of "That password is already being used. Please select
another" -- seems too insecure.

What is a "good practices" way of handling this situation:

1. Ensuring instead that only the username is unique, and then making
the unique login key to be the combo of the username/password fields?

2. Something else?

TIA.

-------------
Regards,
Bob Haroche
O n P o i n t  S o l u t i o n s
www.OnPointSolutions.com