If this method is used, the website would then have to use two different login forms, right? Here are the two scenarios I see:
1) USER REGISTRATION & STANDARD LOGIN
1a) user fills out registration form to become member
1b) while filling the form out, the PW is encrypted via dwzEncrypt (onBlur of PW field)
1c) user submits form and encrypted PW is stored into the database
1d) user fills in login form with PW. PW is encrypted via dwzEncrypt
1e) encrypted PW is cross referenced in database.

2) PASSWORD RESET (TEMP PASSWORD) & NON-ENCRYPTED LOGIN (?)
2a) user resets password, new temp password is created with dwzRandomPassword
2b) temp password is stored into the database
2c) temp password is emailed to the user
2d) since the temp password is NOT encrypted, the user cannot use the standard login page since it's encrypting the password (see 1b above)
Are you expecting people to use a different form to log in which is NOT encrypted? Since there is no other method to encrypt besides the onBlur (http://dwzone-it.com/Forum/topic.asp?TOPIC_ID=856), this encryption cannot be automated since it requires user interaction (i.e., after the temp password is generated, it would be nice if we could automatically encrypt the temp password to store to the database).
Thoughts? Thanks for the help and suggestions.
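
The two flows from the post above, modelled in Node.js as an added example that is not part of the original post or of the DWZone extension. `clientTransform` is a SHA-256 stand-in for dwzEncrypt (an assumption, since its real algorithm is not given here), and the function names and in-memory store are hypothetical. It reproduces the failed login of step 2d and shows the single login form working once the server applies the same transform before storing the temp password.

```javascript
const crypto = require('crypto');

// Stand-in for dwzEncrypt (assumption): a deterministic one-way transform.
// The extension's real algorithm is not given in the post.
function clientTransform(password) {
  return crypto.createHash('sha256').update(password, 'utf8').digest('hex');
}

const db = new Map(); // username -> stored password value (constructed sample store)

// Steps 1a-1c: the browser transforms the password on blur, the server stores it.
function register(user, password) {
  db.set(user, clientTransform(password));
}

// Steps 1d-1e: the login form transforms the input, the server compares values.
function login(user, typedPassword) {
  const submitted = Buffer.from(clientTransform(typedPassword));
  const stored = Buffer.from(db.get(user) || '');
  return stored.length === submitted.length &&
    crypto.timingSafeEqual(stored, submitted);
}

// Steps 2a-2c as described: the temp password is stored untransformed.
function resetAsDescribed(user) {
  const temp = crypto.randomBytes(9).toString('hex');
  db.set(user, temp);
  return temp; // value e-mailed to the user
}

// Same reset, but the server applies the transform before storing (assumes
// the transform can be reproduced server-side).
function resetWithServerTransform(user) {
  const temp = crypto.randomBytes(9).toString('hex');
  db.set(user, clientTransform(temp));
  return temp; // the user still receives the plain temp password
}

function demo() {
  register('alice', 'correct horse');
  const normal = login('alice', 'correct horse');
  const afterPlainReset = login('alice', resetAsDescribed('alice'));
  const afterServerReset = login('alice', resetWithServerTransform('alice'));
  return { normal, afterPlainReset, afterServerReset };
}
```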