RE: Validate Password

Mik Muller Thu, 08 Feb 2007 10:15:49 -0800

Nice piece of work. And I learned a thing or two, too.

On question: wouldn't the query below just check to see if the password had 
been used three times site-wide? Wouldn't you want to also check that it wasn't 
used by the user in question? I know it wasn't stated in the list, but I'm 
inferring that would be a requirement. This also assumes that the user 
management functionality includes a vehicle for forcing changing your password 
every x number of days, and also validates that the current password works for 
that particular username. There has to be a correlation.


And a theoretical question... do people generally store their user's previous 
passwords in a list?

Michael


At 11:22 AM 2/8/2007, you wrote:
>This can't be done on the client-side, of course, because you're
>checking the password history.
>
>How about this:
>
><cffunction name="isValid" returntype="boolean" output="no">
>        <cfargument name="fieldValue" type="string" />
>        <cfset var local=structNew() />
>        <cfset local.isValid=0 />
>        
>        <cfquery name="chkPwrdHist" datasource="myDSN">
>                SELECT TOP 3 *
>                FROM [pwrdTbl]
>                WHERE [pwrd]=<cfqueryparam
>value="#arguments.fieldValue#" />
>                ORDER BY [setDate] DESC
>        </cfquery>
>        <cfif chkPwrdHist.recordCount eq 3><cfreturn false /></cfif>
>        
>        <cfif len(arguments.fieldValue) lt 8 or
>len(arguments.fieldValue) gt 127><cfreturn false /></cfif>
>        
>        <cfif REFind("[A-Z]+",arguments.fieldValue)><cfset
>local.isValid=local.isValid+1 /></cfif>
>        <cfif REFind("[a-z]+",arguments.fieldValue)><cfset
>local.isValid=local.isValid+1 /></cfif>
>        <cfif REFind("[0-9]+",arguments.fieldValue)><cfset
>local.isValid=local.isValid+1 /></cfif>
>        <cfif REFind("[\W_]+",arguments.fieldValue)><cfset
>local.isValid=local.isValid+1 /></cfif>
>        <cfif local.isValid lt 3><cfreturn false /></cfif>
>        <cfreturn true />
></cffunction>

--------
Michael Muller
Admin, MontagueMA.net Website
work (413) 863-0030
cell (413) 320-5336
skype: michaelBmuller
http://www.MontagueMA.net

Eschew Obfuscation




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Upgrade to Adobe ColdFusion MX7 
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs 
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:269198
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Validate Password

Reply via email to