Minal: Hello! Some answers:

> I have studied all the technical specifications of Kaboodle website. I
> had a doubt related to database porting issue.
>
> Excerpt from your 1st point:
>
> 1. User's login using their email address and some password. The
> password cannot be stored in plaintext: it needs to be stored encrypted
> with a symmetric key. This will violate the currently existing data
> where the password is in plaintext. So according to me, it will be
> easier to create a similar new database, instead of porting the existing
> database to MySQL, since the database is having only two tables. Could
> you please suggest me the option for this? Also do I need to maintain
> the data of existing user that current database is having?

I think my reply to Arati on 9 Oct 02 helps here:

|1. The user's encrypted password should be kept in the database.
|   If we use Perl's crypt() function it's easy. That function
|   returns a 13-character encrypted string, where the first two
|   characters are the salt for the encryption. So if the user
|   registers with the password "mumbai", we store the crypt
|   results of crypt("mumbai",rand(@salts)) into the database.
|   The next time the user logs in, we check to see if what
|   they enter, crypt'd, matches what is stored. That is, check
|   to see what crypt($password-entered,$enc-pwrd-from-dbase)
|   is. This way we don't keep any passwords, and someone would
|   have to steal the database and crack an 11-character password
|   (my PC takes 44 days to crack an 8-character one).

Since we have the plaintext passwords, it should be easy to simply
run them thru Perl's crypt() function to create the initial
13-character encrypted strings. We then store that output into MySQL.

Also, I wanted to emphasize: please just model what you're building
after PayPal's site. A plain white background, some tabs at the top,
a login screen with an email address. I'll trick it up later to look
like Kaboodle PropertyPanels.

Lastly, I'm sorry but I don't have a chat account anywhere. I prefer
email, CC'ing the developer's list, so there's a searchable history
of the process.

thanks,
Scott
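
The store-and-check scheme described in the message above, together with the one-time conversion of the existing plaintext passwords, as an added example that is not part of the original email. The sample accounts and the helper names `new_salt`, `hash_password` and `check_password` are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Characters permitted in a traditional crypt() salt.
my @salts = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');

# Build a random two-character salt. rand() is not a cryptographic RNG;
# it only needs to make salts differ between accounts here.
sub new_salt {
    return join '', map { $salts[ int rand @salts ] } 1 .. 2;
}

# Hash a plaintext password for storage (salt + hash in one string).
sub hash_password {
    my ($plain) = @_;
    my $hashed = crypt($plain, new_salt());
    # Some modern C libraries disable the traditional scheme entirely.
    defined $hashed or die "crypt() does not support this scheme here\n";
    return $hashed;
}

# Verify a login attempt: crypt() takes the salt from the stored string,
# so hashing the entered password with it must reproduce the stored value.
sub check_password {
    my ($entered, $stored) = @_;
    my $hashed = crypt($entered, $stored);
    return defined $hashed && $hashed eq $stored;
}

# Constructed sample rows standing in for the existing plaintext table.
my %plaintext_users = (
    'user1@example.com' => 'mumbai',
    'user2@example.com' => 'pune1234',
);

# One-time migration: only the crypt() output goes into the new database.
my %migrated = map { $_ => hash_password($plaintext_users{$_}) }
               keys %plaintext_users;

for my $email (sort keys %migrated) {
    my $stored = $migrated{$email};
    printf "%-20s %s (%d chars)\n", $email, $stored, length $stored;
    print "  correct password accepted\n"
        if check_password($plaintext_users{$email}, $stored);
    print "  wrong password rejected\n"
        unless check_password('not-it', $stored);
}
```

Traditional DES-based crypt() considers only the first 8 characters of the password, so longer passwords gain nothing beyond that length under this scheme.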