Re: Record old passwords ?

2010-01-27 Thread Suresh Kuna
Although, on an OT, forcing people to not use a password that they have recently used is a bad idea. What they eventually do is go with something like hometown01 hometown02, etc. Or worse, they start writing down their passwords which is a whole other security

Re: Record old passwords ?

2010-01-22 Thread Tompkins Neil
Although, on an OT, forcing people to not use a password that they have recently used is a bad idea. What they eventually do is go with something like hometown01 hometown02, etc. Or worse, they start writing down their passwords which is a whole

Re: Record old passwords ?

2010-01-21 Thread Lucio Chiappetti
On Tue, 19 Jan 2010, Tompkins Neil wrote: I can enforce that the user can't use the same password as the previous four - when they change their password. However, the user can manipulate this by changing the password four times and then resetting back to their original password. How would I

Re: Record old passwords ?

2010-01-21 Thread Mark Goodge
On 21/01/2010 11:07, Lucio Chiappetti wrote: On Tue, 19 Jan 2010, Tompkins Neil wrote: I can enforce that the user can't use the same password as the previous four - when they change their password. However, the user can manipulate this by changing the password four times and then resetting

Re: Record old passwords ?

2010-01-21 Thread John Meyer
On 1/19/2010 7:49 AM, Mark Goodge wrote: On 19/01/2010 14:44, Tompkins Neil wrote: Hi All, Following on from my earlier email - I've the following question now : I can enforce that the user can't use the same password as the previous four - when they change their password. However, the user

RE: Record old passwords ?

2010-01-21 Thread Jerry Schwartz
As an auditor once told me, If you can do your job, then I'm not doing my job. Regards, Jerry Schwartz

Re: Record old passwords ?

2010-01-20 Thread Jørn Dahl-Stamnes
On Wednesday 20 January 2010 01:10, Daevid Vincent wrote: -Original Message- From: John Meyer [mailto:john.l.me...@gmail.com] Sent: Monday, January 18, 2010 5:04 PM To: co...@obviouslymalicious.com; mysql@lists.mysql.com Subject: Re: Record old passwords ? Although, on an OT

Re: Record old passwords ?

2010-01-19 Thread Tompkins Neil
Hi Thanks for all the replies. For your information, we are going to store passwords using SHA256. I think I will go with the four additional column approach as I proposed (in the current table) - since this need is a PCI compliancy security requirement. I can then pull all the data with one

Re: Record old passwords ?

2010-01-19 Thread Tompkins Neil
Hi All, Following on from my earlier email - I've the following question now : I can enforce that the user can't use the same password as the previous four - when they change their password. However, the user can manipulate this by changing the password four times and then resetting back to

Re: Record old passwords ?

2010-01-19 Thread Tompkins Neil
Yes, I was thinking something along these lines, e.g. can only change password once a day ? Also, what do operating systems like Windows etc do in this respect ? Cheers Neil On Tue, Jan 19, 2010 at 2:53 PM, David Lazo lazo.da...@gmail.com wrote: I would say make it more difficult for the user

Re: Record old passwords ?

2010-01-19 Thread Mark Goodge
On 19/01/2010 14:44, Tompkins Neil wrote: Hi All, Following on from my earlier email - I've the following question now : I can enforce that the user can't use the same password as the previous four - when they change their password. However, the user can manipulate this by changing the

Re: Record old passwords ?

2010-01-19 Thread Mark Goodge
On 19/01/2010 09:14, Tompkins Neil wrote: I think I will go with the four additional column approach as I proposed (in the current table) - since this need is a PCI compliancy security requirement. Do you have a reference for that? Storing past passwords as additional fields like that is

RE: Record old passwords ?

2010-01-19 Thread Daevid Vincent
-Original Message- From: John Meyer [mailto:john.l.me...@gmail.com] Sent: Monday, January 18, 2010 5:04 PM To: co...@obviouslymalicious.com; mysql@lists.mysql.com Subject: Re: Record old passwords ? Although, on an OT, forcing people to not use a password that they have

Record old passwords ?

2010-01-18 Thread Tompkins Neil
Hi I'm in the process of designing a login system to a secure web page using MySQL. One of the features is we need to record and ensure that the user password is different from any of the last four passwords he/she has used. I was thinking of creating four fields called Password1, Password2,

Re: Record old passwords ?

2010-01-18 Thread SH
I'm still pretty new on the list, so take it easy on me if I'm way off base. But I think you'd be better off with a table just for old passwords. I think you could get by with four columns: id(primary key), user_id, old_pw, change_date. It should make your validation query and inserts much

Re: Record old passwords ?

2010-01-18 Thread Carsten Pedersen
Using multiple columns to hold essentially the same data is generally a bad idea: Business requirements may change over time, forcing you to change both the schema and your programming logic. Better to use a table consisting of username/changedate/password. One year from now, when your

Re: Record old passwords ?

2010-01-18 Thread Colin Streicher
On January 18, 2010 01:34:15 pm Tompkins Neil wrote: Hi I'm in the process of designing a login system to a secure web page using MySQL. One of the features is we need to record and ensure that the user password is different from any of the last four passwords he/she has used. I was

Re: Record old passwords ?

2010-01-18 Thread John Meyer
On 1/18/2010 5:52 PM, Colin Streicher wrote: On January 18, 2010 01:34:15 pm Tompkins Neil wrote: Hi I'm in the process of designing a login system to a secure web page using MySQL. One of the features is we need to record and ensure that the user password is different from any of the last

Re: Record old passwords ?

2010-01-18 Thread Carlos Proal
On 1/18/2010 6:52 PM, Colin Streicher wrote: On January 18, 2010 01:34:15 pm Tompkins Neil wrote: Hi I'm in the process of designing a login system to a secure web page using MySQL. One of the features is we need to record and ensure that the user password is different from any of the