A few problems with the way passwords are managed



Postby interfasys » Sat Jan 09, 2010 10:22 am

Severe
1) The password reminder is sent in clear text, via email. Why go through the trouble of encrypting everything on the server if it's to send the key on a postcard later? :). The solution would be to redirect the user to a page accessible via https (page in rexdesktop wouldn't work since not everybody is a subscriber).
2) There is a password length limitation in the application, but no warning whatsoever. My password ended up being truncated and I couldn't log into Rexdesktop anymore. One solution would be to make the field longer (64 chars is a good limit) and to warn the user as he types a password when he's reached the limit. Another solution would be to only accept characters up to the number of characters accepted by the application. I type 12345678, you accept 123456, then when I type 12345678, you only read 123456 and accept it. It's not a good one, but better than nothing.

Nice to have
3) We can have up to 4 different passwords if we use all 4 Rex applications. There should be a way to only have to manage one.
interfasys
 
Posts: 51
Joined: Thu Jan 07, 2010 5:43 pm
Location: UK & Switzerland
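The two severe points above (a plaintext reminder, and a backend field that silently cuts the password short so the full password no longer matches at login) can be shown side by side in a small example. This is added illustration code, not the Rex application's code; the six-character limit, the user names and the 64-character cap are assumptions for the demo, and PBKDF2 is used as a stand-in for whatever hashing the real backend should apply.

```python
import hashlib
import hmac
import os

# Assumed backend column width for the vulnerable variant; the real limit
# is not stated in the post, six characters just reproduces "12345678 -> 123456".
FIELD_LIMIT = 6


def set_password_truncating(store, user, password):
    """Vulnerable variant: the password is cut to the column width with no warning."""
    store[user] = password[:FIELD_LIMIT]


def login_truncating(store, user, password):
    """The login path compares the full typed password, so a truncated record never matches."""
    return store.get(user) == password


def password_accepted(password, max_len=64):
    """Explicit length check to run at input time, instead of silently truncating."""
    return len(password) <= max_len


def set_password_hashed(store, user, password, max_len=64):
    """Hardened variant: reject over-length input up front, then store only a salted hash."""
    if not password_accepted(password, max_len):
        raise ValueError(f"password longer than {max_len} characters")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    store[user] = (salt, digest)


def login_hashed(store, user, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    record = store.get(user)
    if record is None:
        return False
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)


def reminder_possible(store, user):
    """A mailed reminder only exists when the server can read the password back.
    With the hashed store there is nothing to recover, so a reset flow is the only option."""
    return isinstance(store.get(user), str)


if __name__ == "__main__":
    plain, hashed = {}, {}
    set_password_truncating(plain, "alice", "12345678")
    print("truncated record:", plain["alice"])
    print("login with full password (vulnerable):", login_truncating(plain, "alice", "12345678"))
    set_password_hashed(hashed, "alice", "12345678")
    print("login with full password (hardened):", login_hashed(hashed, "alice", "12345678"))
    print("reminder possible, plain store:", reminder_possible(plain, "alice"))
    print("reminder possible, hashed store:", reminder_possible(hashed, "alice"))
```

The point of the hashed variant is that it removes both problems at once: the length check is explicit and happens before storage, and since only a salted hash is kept there is no plaintext left to put in an email, so the only recovery path is a reset link over HTTPS.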

Re: A few problems with the way passwords are managed

Postby interfasys » Tue Jan 12, 2010 10:48 am

Also, the https connection to rexdesktop should be the default one, or even better, https should be the only protocol allowed.
interfasys
 
Posts: 51
Joined: Thu Jan 07, 2010 5:43 pm
Location: UK & Switzerland
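Making HTTPS the only allowed protocol, as suggested in this reply, usually means two things on the server: every plain-HTTP request is answered with a redirect to the HTTPS URL, and HTTPS responses carry a Strict-Transport-Security header so browsers stop attempting HTTP for that host. The WSGI wrapper below is an added example (not the Rex server's code); the inner application, the host names and the one-year HSTS lifetime are assumptions for the demo.

```python
def https_only_middleware(app, hsts_max_age=31536000):
    """Wrap a WSGI app: redirect plain HTTP to HTTPS, add HSTS on HTTPS responses."""

    def wrapped(environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            # Rebuild the same URL under https:// and send the client there.
            host = environ.get("HTTP_HOST", "localhost")
            location = "https://" + host + environ.get("PATH_INFO", "/")
            if environ.get("QUERY_STRING"):
                location += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Length", "0")])
            return [b""]

        def hsts_start_response(status, headers, exc_info=None):
            # Tell the browser to use HTTPS only for this host from now on.
            headers = list(headers) + [
                ("Strict-Transport-Security", f"max-age={hsts_max_age}")]
            return start_response(status, headers, exc_info)

        return app(environ, hsts_start_response)

    return wrapped


def login_page(environ, start_response):
    """Constructed inner application standing in for the desktop login page."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"login form"]


def call(app, environ):
    """Drive a WSGI app without a server; returns (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers

    body = b"".join(app(environ, start_response))
    return captured["status"], dict(captured["headers"]), body


def request(scheme, path="/login", query=""):
    """Build a minimal constructed WSGI environ for the demo."""
    return {"wsgi.url_scheme": scheme, "HTTP_HOST": "desktop.example",
            "PATH_INFO": path, "QUERY_STRING": query}


if __name__ == "__main__":
    app = https_only_middleware(login_page)
    print(call(app, request("http", query="next=home")))
    print(call(app, request("https")))
```

A redirect alone still leaves the first plain-HTTP request exposed, which is why the HSTS header matters: after one HTTPS visit the browser rewrites later http:// links itself.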

