password-based access control and email
by David Mintz <mambomintz(at)yahoo.com>
Date: Wed, 13 Feb 2002 14:32:45 -0800 (PST)
To: hwg-languages(at)hwg.org

Hello,

I have a couple of clients asking me to set 'members only' sections of their sites where only members of organization x can have access and query a database, update their own entries in a directory, etc.

In such situations it's customary to have an email-based password reminder service. However, if email addresses are not unique in the database, then you could potentially have a problem. If person 1 and person 2 are both somebody(at)whatever.com, then you're sending person 1's password to where person 2 can get it. True, if these two share an email account, there must be a high level of trust. But if person 1 drops out of the organization, person 1 could still get this membership benefit for free whenever person 2 gets an emailed password reminder. True, people can share login credentials anyway, but this makes it all the more inviting.

Also, not real likely, but if non-unique email addresses are permitted, a person could conceivably misspell his email address in a way that happens to match an existing address, and then you'd have confusion.

Now, a client just handed me a membership data file to import into MySQL, and it has a good number of members who share a common email address. I guess they like doing that.

Question: am I overlooking some way around this issue, or do I have to tell them they have to get unique email addresses?

Thanks,
David Mintz
Spanish Interpreter
US District Court, Southern District of New York
Web Design & Hosting http://www.dmintzweb.com/
Personal http://www.panix.com/~dmintz/
"You want me to pour the beer, Frank?"
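
An added example, not part of the original post: a Python check that finds addresses shared by more than one member in an import file, and shows where a reminder looked up by email alone cannot tell which member is asking. The CSV columns (member_id, login, email), the sample rows and the function names are assumptions; addresses are compared case-insensitively, which is also an assumption.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a membership import file (not data from the post).
SAMPLE_CSV = """member_id,login,email
1,alice,somebody@whatever.example
2,bob,Somebody@Whatever.example
3,carol,carol@other.example
4,dave, carol@other.example
5,erin,erin@other.example
"""

def normalize(email):
    """Compare addresses case-insensitively and without stray whitespace."""
    return email.strip().lower()

def load_members(text):
    """Parse the import file into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def shared_addresses(members):
    """Return {normalized email: [logins]} for addresses used by 2+ members."""
    by_email = defaultdict(list)
    for m in members:
        by_email[normalize(m["email"])].append(m["login"])
    return {e: logins for e, logins in by_email.items() if len(logins) > 1}

def reminder_target(members, email, login=None):
    """Pick the one member a reminder for `email` may be sent for.

    Returns the member row, or None when the address is unknown, or is
    shared and no login was given to say which member is asking.
    """
    matches = [m for m in members if normalize(m["email"]) == normalize(email)]
    if login is not None:
        matches = [m for m in matches if m["login"] == login]
    return matches[0] if len(matches) == 1 else None

if __name__ == "__main__":
    members = load_members(SAMPLE_CSV)
    for email, logins in shared_addresses(members).items():
        print(f"{email} is shared by: {', '.join(logins)}")
```

Requiring the login narrows a reminder to one member; it does not change who can read a shared mailbox.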
HWG: hwg-languages mailing list archives,
maintained by Webmasters @ IWA