On Tue, 19 Jan 2010, Tompkins Neil wrote:
I can enforce that the user can't use the same password as the previous four
- when they change their password. However, the user can manipulate this by
changing the password four times and then resetting back to there original
password. How would I overcome this problem ? Any thoughts or
recommendations ?
Probably if your users do that, it means they (rightfully) consider A DAMN
NUISANCE the fact to be compelled to change password. Abandon the idea.
I share their feeling about forcing this change of passwords, and cannot
see almost no real life application (unless perhaps one is a spy) which
really require this degree of security !
--
------------------------------------------------------------------------
Lucio Chiappetti - INAF/IASF - via Bassini 15 - I-20133 Milano (Italy)
------------------------------------------------------------------------
Citizens entrusted of public functions have the duty to accomplish them
with discipline and honour
[Art. 54 Constitution of the Italian Republic]
------------------------------------------------------------------------
For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html
------------------------------------------------------------------------
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=arch...@jab.org
