Hi,
Part of the site I am building needs to be secured with a password. That password needs to be changed every 24 hours and e-mailed to several addresses. I do not need a MySql database, just the automated password generation and capability to e-mail it. I am a total newbie to PHP and would appreciate any help!!
Thanks so much in advance,
Bettina
Need a new password every 24 hours
Moderator: General Moderators
-
bettina702
- Forum Newbie
- Posts: 2
- Joined: Tue May 19, 2009 11:56 am
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Re: Need a new password every 24 hours
While you do not need one, I would highly recommend it. What have you tried so far?bettina702 wrote:I do not need a MySql database, just the automated password generation and capability to e-mail it.
How are you storing the passwords currently? You can setup a cron job to run every 24 hours to change/email the passwords, and can email the passwords using Swiftmailer.
There is alot of potential for security breach for anything with a packet sniffer and/or basic hacking skills. You need to make sure you are storing the passwords in a safe environment and encrypting the passwords before any transmission (i.e. email, database)
- jaoudestudios
- DevNet Resident
- Posts: 1483
- Joined: Wed Jun 18, 2008 8:32 am
- Location: Surrey
Re: Need a new password every 24 hours
You could probably save yourself generating a new password so often by making your system more secure - I would start by...NOT emailing the password, unless you are using a secure socket.
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Need a new password every 24 hours
I would suggest you to use a database, they are handy and otherwise, you have more work to do with all that password handling and especially if you have several passwords.
You said you are new to PHP? I would recommend you to show off your code once you are finished, because I am quite certain you will have some sort of vulnerabilities there.
If the passwords are critical, they can be emailed only if the email itself is encrypted (which means you are going to use either GnuPG or PGP). It does not matter if the initial connection is encrypted since the emails probably go through several hops and will be exposed anywayjaoudestudios wrote:I would start by...NOT emailing the password, unless you are using a secure socket.
You said you are new to PHP? I would recommend you to show off your code once you are finished, because I am quite certain you will have some sort of vulnerabilities there.
-
bettina702
- Forum Newbie
- Posts: 2
- Joined: Tue May 19, 2009 11:56 am
Re: Need a new password every 24 hours
Thanks so much for all the replies!
I haven't written any code yet, since I actually had no idea what it entails or where to begin.
I only need one password, and it does need to be emailed since those using the protected area are in multiple locations.
If it works best with a MySql DB behind it, then thats what I will do.
I haven't written any code yet, since I actually had no idea what it entails or where to begin.
I only need one password, and it does need to be emailed since those using the protected area are in multiple locations.
If it works best with a MySql DB behind it, then thats what I will do.