| Author |
Topic |
|
mike123
Master Smack Fu Yak Hacker
1462 Posts |
 Posted - 2009-05-20 : 18:27:56
|
| Hi,I'm trying to design a backend for my web application, and am not sure the best way to do this. What I am trying to do is create a 1 time "login key" for users of the web application.Basically, we send out an email, and many users have forgotten their login credentials. We want to include a link to auto-login but we have a few security issues.We only want the link to work for a few days. We only want the link to login once. In the future we will create more links for users. Basically everytime we send an email we will include a new link for the user.Any suggestions on the best way to design this in the database ? Alternative suggestions appreciated too! Thanks again :)mike123 |
|
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2009-05-21 : 01:21:56
|
Design the table wtih a "best before" datetime column.Have you asp page check this "best before" column when referenced.If ok, either update the record "best before" column to null when accepted, or update another column to "used = true" and include this column too when checking "best before" column.
E 12°55'05.63"N 56°04'39.26" |
 |
|
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2009-05-21 : 01:26:01
|
If you want some statistical history, go for option number two and have another datetime column instead of "used = true". Instead set "used = yyyy-mm-dd" so that you can measure how long it takes before user uses the login.If no historical data will be used, go for option number 1.
E 12°55'05.63"N 56°04'39.26" |
|
|
|
mike123
Master Smack Fu Yak Hacker
1462 Posts |
Posted - 2009-05-21 : 02:52:19
|
| Hi Peso,Historical data is not necessary, but I guess having it would be a positive thing in case we wanted to look at it in the future. I like your suggested method, but have a question.Does this mean that each time I want to create a "new" link I will do an insert for each user ? (Thanks!Mike123 |
|
|
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2009-05-21 : 03:18:51
|
No, you can create 10,000 links beforehand, and only update one record and set the "best before date" for that user.
E 12°55'05.63"N 56°04'39.26" |
|
|
|
mike123
Master Smack Fu Yak Hacker
1462 Posts |
Posted - 2009-05-21 : 05:04:38
|
| Hey Peso,Sorry if I'm not being clear. I want to send users a login link regularly, maybe 2-3x per month. I guess this means I have to insert them as I add more ? Would this still fit your design idea ok ? Thanks again! :)mike123 |
|
|
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2009-05-21 : 07:41:32
|
Yes.You can easily insert all needed links as records at once, and them email them or whatever.The key thing is the "best before" to make sure link cannot be used forever.
E 12°55'05.63"N 56°04'39.26" |
|
|
|
mike123
Master Smack Fu Yak Hacker
1462 Posts |
Posted - 2009-05-25 : 04:22:40
|
| Hey Peso,Sounds like a great plan, thanks again ! :) |
|
|
|
|
help designing application