What I do for applications is: User fills out form and set their password. The DB has an extra field called "status" for every table.
That status gets set to a 16 character random String that gets sent in an email to their specified address. In that email is a link to: www.site.com/[EMAIL PROTECTED]&status=HHJKLEOO439932PO3 The activate action then sets the status in the db to "active". All login attempts then validate username/password and the status equal to "active". BTW, most DBA's I know say to never delete data from the database. Use an extra field called "status" to set the field to "deleted" or "inactive" if need be. -Jacob | -----Original Message----- | From: David Graham [mailto:[EMAIL PROTECTED] | Sent: Friday, March 21, 2003 2:17 PM | To: [EMAIL PROTECTED] | Subject: Re: user active vs. user role | | I would use a database field for this so every app. accessing the database | can use the feature. Even if you only have one app. now, you may have | more | in the future. | | David | | | | >From: Dan Allen <[EMAIL PROTECTED]> | >Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]> | >To: [EMAIL PROTECTED] | >Subject: user active vs. user role | >Date: Fri, 21 Mar 2003 14:14:16 -0600 | > | >Just a quick little security question here. Do you think it would | >be better to make a special role for inactive users or do you think | >that an active/inactive switch should be a field in the datatable | >for the user? | > | >Basically, the user signs up, but then they have to be activated | >before they can do anything. | > | >Dan | > | >-- | >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | >Daniel Allen, <[EMAIL PROTECTED]> | >http://www.mojavelinux.com/ | >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | >"The Linux philosophy is to laugh in face of danger. Oops. | >Wrong one. 'Do it yourself' That's it" | > -- Linus Torvalds | >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | > | >--------------------------------------------------------------------- | >To unsubscribe, e-mail: [EMAIL PROTECTED] | >For additional commands, e-mail: [EMAIL PROTECTED] | > | | | _________________________________________________________________ | The new MSN 8: smart spam protection and 2 months FREE* | http://join.msn.com/?page=features/junkmail | | | --------------------------------------------------------------------- | To unsubscribe, e-mail: [EMAIL PROTECTED] | For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
