Users and Profiles DB and Forgotten password
#2

Dan Horrigan
I use separation because of separation of data types. The users table contains authentication information, and the profiles table contains user information. Why mix the two?

The forgotten password system you proposed is flawed in a few ways:
1. People hate resetting their passwords.
2. Using Sha1 hashes opens the system up for attack.

The better solution would be to keep the password encrypted in the database (CI has a very nice Encryption class). When the user forgets the password they can enter their email address and be emailed the password. If you are uncomfortable with emailing the password, you could email them a password retrieval code. That code could be a random number that was hashed, then encrypted with a random salt, then just take the first 10 characters or something and make that the code.

Sorry if it is not very detailed, it is too early for that :)
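
A sketch of the e-mailed retrieval-code flow mentioned in the post above, as an added example that is not part of the original post: the code is drawn directly from PHP's CSPRNG, only its digest is stored together with an expiry, and it is accepted once. The function names, the in-memory `$store` array standing in for a database table, and the 30-minute lifetime are assumptions.

```php
<?php
// Added example; issue_reset_code(), redeem_reset_code() and $store are hypothetical names.

const RESET_TTL_SECONDS = 1800; // assumed 30-minute validity window

/**
 * Create a one-time retrieval code for a user.
 * Returns the plaintext code to e-mail; only its SHA-256 digest is kept.
 */
function issue_reset_code(array &$store, int $userId, int $now): string
{
    // 10 bytes from the CSPRNG -> 20 hex characters (80 bits of entropy).
    $code = bin2hex(random_bytes(10));
    $store[$userId] = [
        'digest'  => hash('sha256', $code),
        'expires' => $now + RESET_TTL_SECONDS,
    ];
    return $code;
}

/**
 * Check a submitted code: valid only for the user it was issued to,
 * before expiry, and only once.
 */
function redeem_reset_code(array &$store, int $userId, string $submitted, int $now): bool
{
    if (!isset($store[$userId])) {
        return false; // nothing outstanding for this user
    }
    $row = $store[$userId];
    if ($now > $row['expires']) {
        unset($store[$userId]); // expired codes are discarded
        return false;
    }
    // Constant-time comparison of the stored and submitted digests.
    if (!hash_equals($row['digest'], hash('sha256', $submitted))) {
        return false;
    }
    unset($store[$userId]); // single use: a replay of the same code fails
    return true;
}

// Constructed demonstration data: user id 42 and a fixed timestamp.
$store = [];
$t0 = 1244500000;
$code = issue_reset_code($store, 42, $t0);
var_dump(redeem_reset_code($store, 42, 'wrong-code', $t0 + 60));
var_dump(redeem_reset_code($store, 42, $code, $t0 + 120));
var_dump(redeem_reset_code($store, 42, $code, $t0 + 180));
```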

