On Tue, 19 Jan 2010, Tompkins Neil wrote:
I can enforce that the user can't use the same password as the previous four - when they change their password. However, the user can manipulate this by changing the password four times and then resetting back to there original password. How would I overcome this problem ? Any thoughts or recommendations ?
Probably if your users do that, it means they (rightfully) consider A DAMN NUISANCE the fact to be compelled to change password. Abandon the idea.
I share their feeling about forcing this change of passwords, and cannot see almost no real life application (unless perhaps one is a spy) which really require this degree of security !
-- ------------------------------------------------------------------------ Lucio Chiappetti - INAF/IASF - via Bassini 15 - I-20133 Milano (Italy) ------------------------------------------------------------------------ Citizens entrusted of public functions have the duty to accomplish them with discipline and honour [Art. 54 Constitution of the Italian Republic] ------------------------------------------------------------------------ For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html ------------------------------------------------------------------------ -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/mysql?unsub=arch...@jab.org