Posted by Cord-Heinrich Pahlmann on 01/06/07 17:47
Peter Fox wrote:
> Ouch!
> If all you're doing is implementing a forgotten password get-out then
> this is far too complex and worrying.
Nope. I just want to have a tool which remembers all my passwords for
all the different forums I use. And I want to access them wherever I
am.
> I think you may need to rethink your security model. Why are
> there lots of passwords? Surely you would have a simpler system if you
> had rules for which *validated* user could do what thing. This is easy
> to set up and administer. Why do they need to provide yet another
> secret (with all the hassle that you're finding out about the hard way)
> when you know who they are and what they're entitled to do?
If my google-groups password would be Hg#&5d16Hgsd I would not be able
to remember it. That's why I store this password (along with a lot of
other forum passwords) encrypted in the DB.
The only reason why I have that second instance (with the secret KEY ->
nobody knows) is that I don't want to store the
clear-text-login-password (to my script) in the $_SESSION-Variable.
I hope that the following jpg clearly shows what my intentions are.
http://www.pahlmann.biz/org.jpg