Hi all,
I am trying to create a username and a password class.
I would like to know what are the RECOMMENDED minimum and maximum length
for both fields?
These fields will be something like this:
private static final int DEFAULT_MINIMUM _LENGTH = ??????
private static final int DEFAULT_MAXIMUM _LENGTH = ??????
I can easily specify my own values but I would like the classes to be
scalable and caters for future needs. Hence, I would like them to be
globally accepted.
While at it, what are the taboo characters for both values -
username/password?
Thanks in advance. 4 6073
Lobang Trader wrote: I would like to know what are the RECOMMENDED minimum and maximum length for both fields?
I doubt if you'll get users to accept a minimum of more than 6.
I don't seem much point in having a maximum.
While at it, what are the taboo characters for both values - username/password?
Why have any ?
There may be business reasons for dissalowing some characters in user names,
<tab> for example would not look good on a generated report. But that's a
business decision.
An argument could be made that forbidding " and ' would make SQL-injection
attacks less likely, but my personal opinion is that anyone who assembles SQL
statements by concatenating user-supplied strings should be shot (just as a
matter of course) so the restriction would -- at best -- encourage a false
sense of security.
-- chris
Lobang,
I would recommend not setting a default min/max length for
usernames (or, if you do, make it something like 300 characters or
something, and for passwords, they should be as long as the user
wants, and just store/compare the hash of the password. So if I want
War and Peace (the contents) to be my password, that's cool.
My $0.02.
Michael Scovetta
Lobang Trader <lo**********@h otmail.com> wrote in message news:<40******@ news.starhub.ne t.sg>... Hi all,
I am trying to create a username and a password class.
I would like to know what are the RECOMMENDED minimum and maximum length for both fields?
These fields will be something like this:
private static final int DEFAULT_MINIMUM _LENGTH = ?????? private static final int DEFAULT_MAXIMUM _LENGTH = ??????
I can easily specify my own values but I would like the classes to be scalable and caters for future needs. Hence, I would like them to be globally accepted.
While at it, what are the taboo characters for both values - username/password?
Thanks in advance.
Michael Scovetta wrote: Lobang, I would recommend not setting a default min/max length for usernames (or, if you do, make it something like 300 characters or something, and for passwords, they should be as long as the user wants, and just store/compare the hash of the password. So if I want War and Peace (the contents) to be my password, that's cool.
Not to disagree, but i disagree. ;-)
Firstly if these logins are going into a db, allowing arbitrary lengths
can lead to very avoidable performance issues. Why have a "Text"-type
datafild when you can use the faster varchar( 32 ). if you will have
many logins, that will lead to big performance and storage gains.
Why not just limit it at 32? Why allow a 15 megabyte username? Or a
user name that someone types in as "LobangTrad er " the space being
added by the the user's kid pressing on the space bar while on the
phone. You should at least trim it.
Also the day that you might want to do LDAP synchronization or
synchronization with any other service that needs a login, you might
have problems since half your uses use @ in there names, but XXX server
doesn't allow it. Allowing names of like 32 characters, no spaces, only
letters, numbers and _,- and the other common ones would go a long way.
Furthermore the day that maby you want to make a script to give them
access to a unix or ftp account, its there. That's scallability baby :)
Also for passwords, i would reccomend not storing passwords at all. You
can do an MD5 password check really easily, and it frees the server from
any liability lawsuits about poeple saying "someone stole my password
off your server".
So what you do is you get the login and password, and MD5 the password
and store that into your database. Then when the user tries to logon,
you get the (HTTPS!) form data and use the java.securirty. MessageObject
class to get an MD5 encoder. MD5 is like a "code" for a string. Its
called a "one-way cypher" because you encode it one way and its
virtually impossible to decode it from the MD5 back to the original string.
Now since you are using MD5, you shouldn't allow to long of passwords
because your probability of collision (two different passwords having
the same MD5) go up as the string is big. I'de just limit it to 64
characters. A 64 character password is a pretty good limit.
Now you may ask, what if the user forgets his/her password and needs a
"get my password" e-mail? well just don't use them. Send them an e-mail
with a couple security questions, going to a specified link code that
expires in XX time like paypal, e-bay etc. Its not really hard to
implement and its pretty secure. Put a couple sample questions like
"what's your favorite food", "Your pet's name", "The street you grew up
on" etc. With that you don't need to store passwords and that helps
free your company of this type liability. (yee! :) ). Contact a lawyer
to make sure though :) since i'me not a lawyer i can't say what frees
you from liability.
At work, a friend of mine actually made an MD5 cypherer in javascript so
even the post data, through HTTPS, was beying encoded. That means that
we didn't even know the password at any given time throughout the
process. Kind of cool to treat log ins and passwords without knowing
the passwords :)
Anyway thats my 0.02$ CAD so that brings you up to real money now! Lobang Trader <lo**********@h otmail.com> wrote in message news:<40******@ news.starhub.ne t.sg>...
Hi all,
I am trying to create a username and a password class.
I would like to know what are the RECOMMENDED minimum and maximum length for both fields?
These fields will be something like this:
private static final int DEFAULT_MINIMUM _LENGTH = ?????? private static final int DEFAULT_MAXIMUM _LENGTH = ??????
I can easily specify my own values but I would like the classes to be scalable and caters for future needs. Hence, I would like them to be globally accepted.
While at it, what are the taboo characters for both values - username/password?
Thanks in advance.
Hi,
With regard to the password, I'd suggest an absolute minimum of six
characters. I prefer a minimum of eight characters. As Chris said,
the end users may want only six. Maximum? IMHO, twelve may be a good
practical limit. Not too many people are going to remember a
twelve-character or longer password ;-)
I personally like to stay away from the special characters, i.e. those
which are not letters or numbers. :-)
Yoyoma's discussion about hashing the password and storing the hash in
the database is right on the money. I wrote a password-handling class
some time ago which does just that, using java.security.M essageDigest
and the SHA algorithm(MD5 can also be used). The password is hashed
and then stored in the database table. Upon login, the entered
password is hashed; the hash is compared to the stored hash in the
database and the result dictates where the application goes next.
Have fun,
- Glenn
Lobang Trader <lo**********@h otmail.com> wrote in message news:<40******@ news.starhub.ne t.sg>... Hi all,
I am trying to create a username and a password class.
I would like to know what are the RECOMMENDED minimum and maximum length for both fields?
These fields will be something like this:
private static final int DEFAULT_MINIMUM _LENGTH = ?????? private static final int DEFAULT_MAXIMUM _LENGTH = ??????
I can easily specify my own values but I would like the classes to be scalable and caters for future needs. Hence, I would like them to be globally accepted.
While at it, what are the taboo characters for both values - username/password?
Thanks in advance. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Philip D Heady |
last post by:
Hi, I'm validating a simple form for input via post ($PHP_SELF). Near the
end I check for username and password. I'm using simple if, elseif, else
statements.
I require them to enter password twice and check that they match. Problem is
script doesn't valide past username input and I dont know why!! If you don't
enter a password it doesn't do the validation anymore, it just dies for some
reason. I would greatly appreciate anyones help,...
|
by: Hennie de Nooijer |
last post by:
Because of an error in google or underlying site i can reply on my own
issue. Therefore i copied the former entered message in this message.
-------------------------------------REPY----------------------------------
Hi Maybe i wasn't clear. I want to dynamically check whether what the
lowest date and the highest date is in the calendar table. The
presented solutions has fixed dates and i don't want that.
If i could store a global...
|
by: Patrick.O.Ige |
last post by:
I have a code below.(It validates against a SQL DB(login page).thats is
giving me an error!
When i try to use :- Session = dr.ToString();
To catch the username so as to redirect the user logged in to another
page....PRINTING
Hello:- John .. for example
It says ERROR:- System.IndexOutOfRangeException: username.Text
What does this mean and how can i correct it
PLS HELP!!
|
by: Dino Vliet |
last post by:
Hi folks,
probably this is a question you've heard so many times
but I wasn't able to find a solution to it.
I'm using a shell script to create a textfile for me.
It looks like
#!/usr/local/bin/bash
psql -c "select foo from bar;" -d database1 -t
psql -c "\q" -d database1
exit 0
|
by: Jeff |
last post by:
hey
asp.net 2.0
I'm trying to create a web page where users can register to my web portal.
But I've run into a layout problem when using the data validator classes.
The problem is that the error message is not displayed on the same row as
the control it's validating. Check this link and you see an example of the
problem: http://home.online.no/~au-holme/pub/14506/problem.GIF the text
"Password and confirm password must match" is not...
| |
by: Scott |
last post by:
In order to give a meaning average value and minimum and maximum values, I
would like to have a formula for a group of data after taking out those
extremes. Can someone share your way to accomplish it.
Thanks,
Scott
|
by: gunimpi |
last post by:
http://www.vbforums.com/showthread.php?p=2745431#post2745431
********************************************************
VB6 OR VBA & Webbrowser DOM Tiny $50 Mini Project Programmer help
wanted
********************************************************
For this teeny job, please refer to:
http://feeds.reddit.com/feed/8fu/?o=25
|
by: Boujii |
last post by:
<html>
<head>
<title>Add New MySQL User</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?
if(isset($_POST))
{
|
by: George Lft |
last post by:
ok, first of all, i built my register page using dreamweaver tool which the codes haven been out of control. Now i'm thinking that turning over everything - by using this another set of codes. And these new sets of codes have overwhelmed me a bit. Here's the new code:
CREATE TABLE `users` (
`ID` int(11) NOT NULL auto_increment,
`Username` varchar(255) NOT NULL,
`Password` varchar(255) NOT NULL,
`Temp_pass` varchar(55)...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |