mailto:john.l.me...@gmail.com]
> > > > Sent: Monday, January 18, 2010 5:04 PM
> > > > To: co...@obviouslymalicious.com; mysql@lists.mysql.com
> > > > Subject: Re: Record old passwords ?
> > > >
> > > > Although, on an OT, forcing people to not use a
om; mysql@lists.mysql.com
> > > Subject: Re: Record old passwords ?
> > >
> > > Although, on an OT, forcing people to not use a password that they
> > > have recently used is a bad idea. What they eventually do is go with
> > > something like "home
As an auditor once told me,
"If you can do your job, then I'm not doing my job."
Regards,
Jerry Schwartz
The Infoshop by Global Information Incorporated
195 Farmington Ave.
Farmington, CT 06032
860.674.8796 / FAX: 860.674.8341
www.the-infoshop.com
--
MySQL General Mailing List
For list ar
On 1/19/2010 7:49 AM, Mark Goodge wrote:
On 19/01/2010 14:44, Tompkins Neil wrote:
Hi All,
Following on from my earlier email - I've the following question now :
I can enforce that the user can't use the same password as the
previous four
- when they change their password. However, the user ca
On 21/01/2010 11:07, Lucio Chiappetti wrote:
On Tue, 19 Jan 2010, Tompkins Neil wrote:
I can enforce that the user can't use the same password as the
previous four
- when they change their password. However, the user can manipulate
this by
changing the password four times and then resetting bac
On Tue, 19 Jan 2010, Tompkins Neil wrote:
I can enforce that the user can't use the same password as the previous four
- when they change their password. However, the user can manipulate this by
changing the password four times and then resetting back to there original
password. How would I ov
On Wednesday 20 January 2010 01:10, Daevid Vincent wrote:
> > -Original Message-
> > From: John Meyer [mailto:john.l.me...@gmail.com]
> > Sent: Monday, January 18, 2010 5:04 PM
> > To: co...@obviouslymalicious.com; mysql@lists.mysql.com
> > Sub
> -Original Message-
> From: John Meyer [mailto:john.l.me...@gmail.com]
> Sent: Monday, January 18, 2010 5:04 PM
> To: co...@obviouslymalicious.com; mysql@lists.mysql.com
> Subject: Re: Record old passwords ?
>
> Although, on an OT, forcing people to not use a pass
On 19/01/2010 09:14, Tompkins Neil wrote:
I think I will go with the four additional column
approach as I proposed (in the current table) - since this need is a PCI
compliancy security requirement.
Do you have a reference for that? Storing past passwords as additional
fields like that is infl
On 19/01/2010 14:44, Tompkins Neil wrote:
Hi All,
Following on from my earlier email - I've the following question now :
I can enforce that the user can't use the same password as the previous four
- when they change their password. However, the user can manipulate this by
changing the passwor
Yes, I was thinking something along these lines e.g can only change password
once a day ? Also, what do operating systems like Windows etc do in this
respect ?
Cheers
Neil
On Tue, Jan 19, 2010 at 2:53 PM, David Lazo wrote:
> I would say make it more difficult for the user add another field wit
Hi All,
Following on from my earlier email - I've the following question now :
I can enforce that the user can't use the same password as the previous four
- when they change their password. However, the user can manipulate this by
changing the password four times and then resetting back to ther
Hi
Thanks for all the replies. For your information, we are going to store
passwords using SHA256. I think I will go with the four additional column
approach as I proposed (in the current table) - since this need is a PCI
compliancy security requirement. I can then pull all the data with one
q
On 1/18/2010 6:52 PM, Colin Streicher wrote:
On January 18, 2010 01:34:15 pm Tompkins Neil wrote:
Hi
I'm in the process of designing a login system to a secure web page using
MySQL. One of the features is we need to record and ensure that the user
password is different from any of the last
On 1/18/2010 5:52 PM, Colin Streicher wrote:
On January 18, 2010 01:34:15 pm Tompkins Neil wrote:
Hi
I'm in the process of designing a login system to a secure web page using
MySQL. One of the features is we need to record and ensure that the user
password is different from any of the last fou
On January 18, 2010 01:34:15 pm Tompkins Neil wrote:
> Hi
>
> I'm in the process of designing a login system to a secure web page using
> MySQL. One of the features is we need to record and ensure that the user
> password is different from any of the last four passwords he/she has used.
> I was
Using multiple columns to hold essentially the same data is generally a
bad idea: Business requirements may change over time, forcing you to
change both the schema and your programming logic.
Better to use a table consisting of username/changedate/password. One
year from now, when your boss/c
I'm still pretty new on the list, so take it easy on me if I'm way off
base. But I think you'd be better off with a table just for old
passwords. I think you could get by with four columns: id(primary
key), user_id, old_pw, change_date. It should make your validation
query and inserts much easie
18 matches
Mail list logo