List:General Discussion« Previous MessageNext Message »
From:SH Date:January 18 2010 6:49pm
Subject:Re: Record old passwords ?
View as plain text  
I'm still pretty new on the list, so take it easy on me if I'm way off
base.  But I think you'd be better off with a table just for old
passwords.  I think you could get by with four columns: id(primary
key), user_id, old_pw, change_date.  It should make your validation
query and inserts much easier.  You could simply "select * from
oldpwtbl where user_id='theuser' order by change_date desc limit 4;"
(disregard my poor syntax) to see if they are repeating.

One other thing I think would be more secure is to store a hash of the
password, instead of the password itself.

Anyway, that's my input.

Scott

On Mon, Jan 18, 2010 at 12:34 PM, Tompkins Neil
<neil.tompkins@stripped> wrote:
> Hi
>
> I'm in the process of designing a login system to a secure web page using
> MySQL.  One of the features is we need to record and ensure that the user
> password is different from any of the last four passwords he/she has used.
>  I was thinking of create four fields called Password1, Password2, Password3
> and Password4 to record the old passwords.
>
> Is this a preferred method - or does anyone else have any recommendations ?
>
> Thanks,
> Neil
>
Thread
Record old passwords ?Tompkins Neil18 Jan
  • Re: Record old passwords ?SH18 Jan
  • Re: Record old passwords ?Carsten Pedersen18 Jan
  • Re: Record old passwords ?Colin Streicher19 Jan
    • Re: Record old passwords ?John Meyer19 Jan
      • RE: Record old passwords ?Daevid Vincent20 Jan
        • Re: Record old passwords ?Jørn Dahl-Stamnes20 Jan
          • Re: Record old passwords ?Tompkins Neil22 Jan
            • Re: Record old passwords ?Suresh Kuna27 Jan
    • Re: Record old passwords ?Carlos Proal19 Jan
      • Re: Record old passwords ?Tompkins Neil19 Jan
        • Re: Record old passwords ?Tompkins Neil19 Jan
          • Re: Record old passwords ?Mark Goodge19 Jan
            • Re: Record old passwords ?John Meyer21 Jan
              • RE: Record old passwords ?Jerry Schwartz21 Jan
          • Re: Record old passwords ?Lucio Chiappetti21 Jan
            • Re: Record old passwords ?Mark Goodge21 Jan
        • Re: Record old passwords ?Mark Goodge19 Jan
Re: Record old passwords ?Tompkins Neil19 Jan