I'm still pretty new on the list, so take it easy on me if I'm way off
base.  But I think you'd be better off with a table just for old
passwords.  I think you could get by with four columns: id(primary
key), user_id, old_pw, change_date.  It should make your validation
query and inserts much easier.  You could simply "select * from
oldpwtbl where user_id='theuser' order by change_date desc limit 4;"
(disregard my poor syntax) to see if they are repeating.

One other thing I think would be more secure is to store a hash of the
password, instead of the password itself.

Anyway, that's my input.

Scott

On Mon, Jan 18, 2010 at 12:34 PM, Tompkins Neil
<neil.tompk...@googlemail.com> wrote:
> Hi
>
> I'm in the process of designing a login system to a secure web page using
> MySQL.  One of the features is we need to record and ensure that the user
> password is different from any of the last four passwords he/she has used.
> I was thinking of creating four fields called Password1, Password2, Password3
> and Password4 to record the old passwords.
>
> Is this a preferred method - or does anyone else have any recommendations?
>
> Thanks,
> Neil
>

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/mysql?unsub=arch...@jab.org
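
Added example, not part of the original thread: the separate old-password table suggested above, combined with storing hashes instead of passwords. Because each hash is salted, the reuse check cannot compare inside SQL; it fetches the last four rows and verifies each one in application code. sqlite3 stands in for MySQL, and the salt column, the function names, the PBKDF2 work factor and recording the current password in the same table are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

HISTORY = 4           # how many previous passwords may not be reused
ITERATIONS = 200_000  # PBKDF2 work factor (assumed value; tune for your hardware)

def open_db():
    """Create the history table; sqlite3 in memory stands in for MySQL."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE oldpwtbl (
        id          INTEGER PRIMARY KEY AUTOINCREMENT,
        user_id     TEXT NOT NULL,
        salt        BLOB NOT NULL,   -- assumption: per-row random salt
        old_pw      BLOB NOT NULL,   -- salted hash, never the password itself
        change_date TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP)""")
    return db

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def is_reused(db, user_id, password):
    """True if password matches one of the user's last HISTORY entries."""
    rows = db.execute(
        "SELECT salt, old_pw FROM oldpwtbl WHERE user_id = ? "
        "ORDER BY change_date DESC, id DESC LIMIT ?",  # id breaks same-second ties
        (user_id, HISTORY))
    # Re-hash the candidate with each row's own salt; constant-time compare.
    return any(hmac.compare_digest(_hash(password, salt), old_pw)
               for salt, old_pw in rows)

def change_password(db, user_id, password):
    """Record the new password hash unless it repeats a recent one."""
    if is_reused(db, user_id, password):
        return False
    salt = os.urandom(16)
    db.execute("INSERT INTO oldpwtbl (user_id, salt, old_pw) VALUES (?, ?, ?)",
               (user_id, salt, _hash(password, salt)))
    db.commit()
    return True

if __name__ == "__main__":
    db = open_db()
    for pw in ["pw-one", "pw-two", "pw-one"]:  # constructed sample passwords
        print(pw, "accepted" if change_password(db, "theuser", pw) else "rejected")
```

Rows older than the last four are never consulted, so they can be deleted after each successful change.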
