On 10/11/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
4. Upon a link being clicked, it then goes through the :salts and checks to make sure the username is within the :hash...
Maybe to clarify this algorithm this bit to make sure I'm understanding you... 4.1. Find a UserValidation object by the given hash (from a link in an email) 4.2. Get the username from the salts array in the UserValidation object 4.3. Find the user associated with the username 4.4. Do whatever else to activate the user For that second step, wouldn't you have to know or hardcode the position of the username? If we're using an array to change how we encrypt periodically, how do we stay flexible and adapt to new salts without having to change hardcoded values? Of course, that's a pretty minor concern compared to the usefulness of this strategy. Thanks a bunch for the input, Jordan. Do you have any references to articles or other discussions on this subject? -- Nick Zadrozny _______________________________________________ Sdruby mailing list [email protected] http://lists.sdruby.com/mailman/listinfo/sdruby
