One solution that I have used is to allow users to choose their username, usually just their email address, but I force a very strong password on them generated with CF. I can control the parameters of the password and what characters are used as well as what length it is. They may not like it, but it's for their protection and mine. And if they forget that password, the system simply issues another equally strong one.
Rick > -----Original Message----- > From: Todd [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 24, 2008 2:58 PM > To: CF-Talk > Subject: Re: SSL Necessary? Important? > > o_O > > Mike, if your bank account gets hacked dude because YOU used the same > username/password for every site the only person to blame here is YOU. I'm > sorry, but this thinking is just way backwards. Should the church also be > responsible if someone stole your ATM card and the PIN number just happened > to be the same as your password?! YOU made the mistake, not the church. > > I'm *in agreement *that account identity information needs to be encrypted > in the database. > > On Jan 24, 2008 1:23 PM, Dawson, Michael <[EMAIL PROTECTED]> wrote: > > > It doesn't matter whose responsibility it is. If a bank account gets > > hacked because of the church's web site, it will hurt the credibility of > > the church. > > > > M!ke > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297356 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
