|
|
Posted by Paul Lautman on 12/18/20 11:50
Colin McKinnon wrote:
> AlexVN wrote:
>
>> Katash,
>>
>> Generally, when passwords are stored as hashes, the "retrieve
>> password" option is logically impossible. The "Reset password"
>> option is used instead, when the new password is mailed to the user
>> in case when he forget the password.
>>
>
> But bear in mind that, if trivially implemented, this *changes* the
> password and can therefore be used as a DOS attack against the user.
>
> A better method is:
>
> In the database have columns for an old and new password for each
> customer.
>
> When the customer logs in (presenting userpass), if the new password
> is blank, compare userpass with old password to determine access.
> If the new password is not blank, compare new password with userpass
> - if they match, set old password = new password, and new password =
> null.
>
> If the new password is not blank and does not match userpass, compare
> userpass with with old password. If it matches then leave new
> password as it is.
>
> If a request comes for a new password, calculate the new password for
> the user, update the new password in the database, and send out the
> old password.
>
> HTH
>
> C.
What is the point of the new password field if the user never gets to find
out what the new password is?
Navigation:
[Reply to this message]
|