Re: Changing criteria

From: Adam Selene (nospam@vguild.com)
Date: Thu May 15 2003 - 17:12:49 EDT


Hehe.

I've been to a few sites that enforce constraints on log in, but not on signup.
End up creating an account you can never log into, cannot signup again w/ same
email address, and the 'forgot password' feature just emails you the password
you cannot login with.

BTW, another important point is when a user requests their password be reset,
you DO NOT REMOVE THE OLD ONE until the new one is confirmed.

Happened to my E-Gold account. Thought I forgot the password, requested a reset,
they sent a new password VIA POSTAL MAIL TO RUSSIA, I then remembered the
password but it was already gone. 3 months later I got the postal mail.

    Adam

----- Original Message -----
From: <steve@seasoned-software.com>
To: "Sergei Kolodka" <folio@infocom.zp.ua>; "discuss-list"
<discuss-list@opensrs.org>
Sent: Thursday, May 15, 2003 12:19 PM
Subject: Re: Changing criteria

WOW! You mean some of my frustration, and potential legal troubles, could
be due to some idiot changing password criteria in a moronic way?

EVERYONE! If you change password requirements, make the changes on initial
entry and changes ONLY!!!!!!! NEVER limit what a person enters in this
way. TWO reasons why....

1. You could lock out a LEGITIMATE user FOREVER! (One customer changed
ALL information so that recovering a password, or getting a person to rectify
it is not possible. What if he still had the password? One that ***YOU***
now declare arbitrarily as illegal. Because of THOSE stupid rules, he is
out a domain, and *I* could have problems. (at one point he DID use an
asterisk!))
2. It makes things easier to hack!

OKAY!?

Steve

>-- Original Message --
>Date: Thu, 15 May 2003 18:34:22 +0300
>From: Sergei Kolodka <folio@infocom.zp.ua>
>To: discuss-list <discuss-list@opensrs.org>
>Subject: Re: Changing criteria
>
>
>Hello Csongor,
>
>OpenSRS Live Reseller Update [.de & OpenSRS] - 15/04/2003
>
>
>FC> When registering a new domain one of my clients got this:
>FC> Invalid password syntax: The only allowed characters are all
>FC> alphanumerics (A-Z, a-z, 0-9) and symbols []()!@$^,.~|=-+_{}#
>
>FC> I find it frustrating that the API sometimes changes its validation
>FC> criteria for some fields. Especially when there is no announcement. Last
>FC> time suddenly I was no longer able to use 1 character passwords for
>FC> registration (in the test environment, FYI). Now my client does not
>FC> understand why is it that he can log in using his regular password
>FC> (containing a * character) for an existing profile, and after that his
>FC> new registration just fails.
>
>
>FC> Just my two pieces of ... whatever currency.
>
>FC> - Cs.
>
>
>
>
>
>--
>sK
>
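
Added example, not part of the thread and not OpenSRS code: a minimal sketch of the two rules argued above, namely that password criteria are enforced only when a password is set (never at login), and that a reset request leaves the old password valid until the new one is confirmed. The `Accounts` class, its method names and the `strict_policy` regex (modeled on the character set in the quoted error message) are assumptions made for illustration.

```python
import hashlib, hmac, os, re, secrets

# Constructed policy, modeled on the character set in the quoted error message.
STRICT = re.compile(r"[A-Za-z0-9\[\]()!@$^,.~|=\-+_{}#]+")

def strict_policy(pw):
    return STRICT.fullmatch(pw) is not None

def _digest(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

class Accounts:
    """Hypothetical in-memory account store (all names are illustrative)."""
    def __init__(self, policy):
        self.policy = policy   # applied only when a password is SET
        self.creds = {}        # user -> (salt, digest)
        self.resets = {}       # user -> sha256 of the outstanding reset token

    def _set(self, user, pw):
        if not self.policy(pw):
            raise ValueError("password rejected by current policy")
        salt = os.urandom(16)
        self.creds[user] = (salt, _digest(pw, salt))

    def signup(self, user, pw):
        if user in self.creds:
            raise KeyError("account exists")
        self._set(user, pw)

    def login(self, user, pw):
        # No policy check here: a password accepted when it was set keeps working.
        if user not in self.creds:
            return False
        salt, want = self.creds[user]
        return hmac.compare_digest(_digest(pw, salt), want)

    def request_reset(self, user):
        if user not in self.creds:
            raise KeyError("no such account")
        # Only records a token; the existing credential is left untouched.
        token = secrets.token_urlsafe(16)
        self.resets[user] = hashlib.sha256(token.encode()).digest()
        return token           # delivered out of band in a real system

    def confirm_reset(self, user, token, new_pw):
        got = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(got, self.resets.get(user, b"")):
            return False
        self._set(user, new_pw)   # old password is replaced only at this point
        del self.resets[user]
        return True
```

If `confirm_reset` is given a password the current policy rejects, `_set` raises before anything is overwritten, so the old credential and the pending token both survive.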



This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:37:43 EDT