Subject: Re: Password checks (was: Re: LUGNET Memberships)
Newsgroups: lugnet.people, lugnet.admin.general
Date: Tue, 26 Sep 2000 12:39:36 GMT
  
Larry Pieniazek wrote:
> This "wipe out all passwords and send a new one" is mighty powerful stuff. Use
> with extreme caution. (but you can trust ME of course... so go for it...)

A solution to this could be to do the following:

- when someone asks for a password reset, create a new password for
them, put it in the list, also put it in a special "reset account"
password file (along with the ID).

- when the user receives the "reset" password, they log on using it, and
go to the "reset" page (the system could even detect the use of this
password and automagically send you to this page)

- when the user clicks on the "reset password" button (after reading
what will be done), the system removes all passwords from the password
file, then the system takes the new password (which it conveniently
has in the reset account file), and automatically enters it into the
main password file. Once this is done and committed to disk, the entry
is removed from the "reset password" file.

- if a system crash interrupts this, the system will also check the
"reset password" file to allow you to log on.

- There should also be an "oops" button which removes the reset password
from both files and effectively cancels the reset.

- If the reset password is not used within a certain time limit, it
should be cleared.

This should block DOS by resetting someone's passwords since the person
who receives the e-mail must take action on it.

--
Frank Filz

-----------------------------
Work: mailto:ffilz@us.ibm.com (business only please)
Home: mailto:ffilz@mindspring.com
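
The reset flow proposed in the post above, modelled in Python as an added example (not part of the original post and not LUGNET's code). The `Accounts` class, the in-memory dicts standing in for the two password files, the 24-hour limit and the salted PBKDF2 hashes are all assumptions made for illustration.

```python
import hashlib, hmac, os, secrets, time

RESET_TTL = 24 * 3600  # assumed time limit; the post does not name one

def _entry(pw):
    salt = os.urandom(16)  # store salted hashes, never the password itself
    return (salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000))

def _match(pw, entry):
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), entry[0], 100_000)
    return hmac.compare_digest(digest, entry[1])

class Accounts:
    def __init__(self):
        self.main = {}     # user -> [entry, ...]: the main password file
        self.pending = {}  # user -> (entry, issued_at): the "reset account" file

    def add_password(self, user, pw):
        self.main.setdefault(user, []).append(_entry(pw))

    def request_reset(self, user, now=None):
        pw = secrets.token_urlsafe(12)
        entry = _entry(pw)
        self.main.setdefault(user, []).append(entry)  # old passwords still work
        self.pending[user] = (entry, time.time() if now is None else now)
        return pw  # mailed to the address on file, never shown to the requester

    def cancel_reset(self, user):  # the "oops" button: remove from both files
        p = self.pending.pop(user, None)
        if p:
            self.main[user] = [e for e in self.main[user] if e != p[0]]

    def login(self, user, pw, now=None):
        now = time.time() if now is None else now
        p = self.pending.get(user)
        if p and now - p[1] > RESET_TTL:  # unused reset password times out
            self.cancel_reset(user)
            p = None
        if p and _match(pw, p[0]):
            return "reset"  # caller routes to the reset page; covers crash recovery
        return "ok" if any(_match(pw, e) for e in self.main.get(user, [])) else None

    def confirm_reset(self, user, pw):
        p = self.pending.get(user)
        if not p or not _match(pw, p[0]):
            return False
        self.main[user] = [p[0]]  # wipe every old password, keep only the new one
        del self.pending[user]    # clear the reset file only after the main file is set
        return True
```

Requesting a reset never removes an existing password; only `confirm_reset`, which needs the mailed password, does, which is the property the post relies on to block a reset-based DOS.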



Message is in Reply To:
  Re: Password checks (was: Re: LUGNET Memberships)
 
(...) No that would work, I wrote down the password you sent me and the two new ones I chose and they are pretty memorable, I hope. Implement something that generates a new password AND wipes out ALL the old ones in one fell swoop. Then send me the (...) (24 years ago, 26-Sep-00, to lugnet.people, lugnet.admin.general)
