Come for the quick hacks, stay for the epiphanies. | |
PerlMonks |
Re: Re: Re: Please don't compromise my privacyby Petruchio (Vicar) |
on Mar 06, 2001 at 06:26 UTC ( [id://62416]=note: print w/replies, xml ) | Need Help?? |
You're quite right, it is limited. On the other hand,
it allows the user, and only the user, to change his
password at any time also, so stealing the password
will be of very limited value as well. And it seems a
trivial limitation when real passwords could be
harvested so easily around here. Your suggestion would also work, and is a bit more efficient than what tilly had suggested. Since under my scheme the user could be assigned, or forced to adopt, a new, local password upon first authentication, the only real difference is the level of automation. Also, with your scheme, there is extra work for someone... the person who must automate the /msg. If this seems trivial, then consider also the difficulty of adding a single textbox to a form, a single field to a database table, and what must be close to the simplest of all CGI programs. But yes, what I have suggested is quite limited, and what you have suggested is a very comparable scheme. Perhaps more interesting would be to consider the real objectives. A great scheme, as I think of it, would:
My suggestion achieves 1, 2 and 4, with the ability to change passwords limiting the problem of failing to achieve 3.Yours achieves 1, 3 and 4, and while it's less efficient on 2, it's not that bad on that account. I wonder whether we can come up with something which achieves all 4.
In Section
Perl Monks Discussion
|
|