设置数据库“用户”表以进行密码恢复
[英]Set database 'user' table for password recovery
问题描述
I have a question. 
我有个问题。 I'm implementing a password recovery, then I thought: "What if a 'stranger' makes an unauthorized password recovery, changing someone's else password?" 我正在实施密码恢复,然后我想:“如果'陌生人'进行未经授权的密码恢复,更改其他人的密码怎么办?” So, my first decision is: I'll set two fields in the 'user' table, called 'password' and 'temp_password'. 因此,我的第一个决定是:我将在“用户”表中设置两个字段,分别称为“密码”和“ temp_password”。 If the real user asks for a password recovery, the new random password will be stored in 'temp_password' and an e-mail will be sent. 如果实际用户要求恢复密码,新的随机密码将存储在“ temp_password”中,并发送电子邮件。 In this way, a spiteful user won't change anyone else password and the e-mail owner can deny the password change attempt. 这样,恶意用户就不会更改其他任何人的密码,并且电子邮件所有者可以拒绝密码更改尝试。 Is that right? 那正确吗? Thank you in advance for your help. 预先感谢您的帮助。 Greetings 问候
1 个解决方案
解决方案1
0 已采纳 2014-08-07 18:41:33
I would suggest you normalize this by storing the temp password in a separate table from your user table. 我建议您通过将临时密码存储在与user表不同的表中来对此进行规范化。 Each user will most likely have multiple password recovery attempts during their lifetime and you'll want to store a record of each of those attempts for posterity. 每个用户一生中很可能会进行多次密码恢复尝试,并且您希望为后代存储每次尝试的记录。
If you keep the field in the user table, each subsequent request after the first password recovery request will override the previous one. 如果将字段保留在user表中,则在第一个密码恢复请求之后的每个后续请求将覆盖前一个请求。
Make sure you have a column in this new table that indicates which request is currently active and have server side / database scripts that ensure only one row per user ID can have an active flag. 确保在此新表中有一列,指示当前正在激活哪个请求,并具有服务器端/数据库脚本,以确保每个用户标识只有一行可以具有活动标志。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.