cornelio0202
09-08-2005, 12:04 AM
Passwords and security
I was able to install the Link Directory and create categories as well as add some demo links to check the database design of the Link Directory
Thanks for the great effort.
This is part of the series of suggestions based from analysis of the resulting demo database and the layout.
Suggestion #1: Passwords and security
(1) Increasing the security of the database by encryption of the password.
At present, the password is not encrypted.
(2) Require option for registration and login
At present, anyone can submit a link. This will create a great burden on administrator (especially for sites with limited personnel). More significantly, the process of registration and login will improve security (see related suggestions below)
(3) If login is required, adopt a maximum number of login tries per day
(ban IPs where repeated login tries seem anomalous --> this will require record keeping)
(4) If registration and login are required, provide option for "password recovery"
At present, this feature is not in the Link Directory
(5) If registration and login are required, provide option for "deletion of inactive users", after a defined period of time on inactivity
Note: Many of the above features are incorporated in the Forum of PHP Link Directory, so the script modules for the above suggestions should be available already.
I hope the developers will consider the above for future developments. The lack of encryption of password is especially a great concern.
Thanks for your consideration
I was able to install the Link Directory and create categories as well as add some demo links to check the database design of the Link Directory
Thanks for the great effort.
This is part of the series of suggestions based from analysis of the resulting demo database and the layout.
Suggestion #1: Passwords and security
(1) Increasing the security of the database by encryption of the password.
At present, the password is not encrypted.
(2) Require option for registration and login
At present, anyone can submit a link. This will create a great burden on administrator (especially for sites with limited personnel). More significantly, the process of registration and login will improve security (see related suggestions below)
(3) If login is required, adopt a maximum number of login tries per day
(ban IPs where repeated login tries seem anomalous --> this will require record keeping)
(4) If registration and login are required, provide option for "password recovery"
At present, this feature is not in the Link Directory
(5) If registration and login are required, provide option for "deletion of inactive users", after a defined period of time on inactivity
Note: Many of the above features are incorporated in the Forum of PHP Link Directory, so the script modules for the above suggestions should be available already.
I hope the developers will consider the above for future developments. The lack of encryption of password is especially a great concern.
Thanks for your consideration