> I strongly disagree, and I'm doing it for a email service I run for a > non-profit. The potential user enters the username they want, I check to > make sure there is no other user or alias with that name, I "reserve" that > username for 30 min, get the credit card number from them, processes it, and > if the charge goes through, I insert a record with the username, domain, > crypted and clear text password and quota. The account is now available for > immediate use. So explain to me exactly what validation and other features > I've lost control over?
THRITY minutes? An auth should only take 9 seconds including dial time, and never more than 15 seconds. See, you're just doing everything wrong ;) (j/k! I'm just being difficult :P) Rick
