Only one full week of classes left in my undergraduate career! Focus is a difficult commodity to come by these days, but I managed to put off falling into a coma long enough to get this last exercise completed. Now, with no further jabbering:
8.1
This exercise is in three parts and deals with making the default password more secure, as well as making password retrieval a more automatic process.
a) Suggest a more secure definition for default password assignment in RMH Homebase.
I think the best way to tackle this, other than actually having the user create a password upon sign up, is to have the system generate a pseudo-random password consisting of both lower and uppercase characters, and also some numbers and special characters.
b) When a person forgets his password, suggest a way by which the person can recover it without bothering the House Manager.
The best way to deal with this would be to have a secret question and answer setup. The user looks through a list of stock questions, picks one, and then provides a pass phrase that is associated with the question.
c) Implement these ideas and then test them.
For the random password generator I made the following function:
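<?php
// Build a password of $length characters that alternates between letters
// and special characters.
function generatePassword($length = 9) {
    $special = '@#$%&';
    $letters = 'aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ';
    $password = '';
    // The clock decides whether the first character is a letter or a special.
    $alt = time() % 2;
    for ($i = 0; $i < $length; $i++) {
        if ($alt == 1) {
            // random_int() draws from the OS CSPRNG; rand() is predictable
            // and should not be used to generate passwords.
            $password .= $letters[random_int(0, strlen($letters) - 1)];
            $alt = 0;
        } else {
            $password .= $special[random_int(0, strlen($special) - 1)];
            $alt = 1;
        }
    }
    return $password;
}
?>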
The code generates a pseudo-random password of length 9 by alternating through the alphabet and special characters.
For implementing the question/answer password recovery functionality, I created a new module called recovery.php. All this class does is have an array of stored strings (questions) that can be chosen from. Once chosen, the user can then input a pass phrase. Both the question and the pass phrase are stored in a new table in the database. The assignment did not say anything about connecting any of this to the GUI, so I left that part out and just made some new unit tests to make sure everything worked. Done!
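A sketch of the question/answer storage described above, added here as an example and not taken from the post's recovery.php or from RMH Homebase. It keeps a salted hash of the pass phrase in the new table instead of the phrase itself and locks recovery after repeated wrong answers. It assumes PHP 8 with PDO SQLite; the class, table and column names, the sample questions and the five-attempt limit are all hypothetical.

```php
<?php
// Added example (PHP 8, PDO). Class, table and column names are hypothetical.
final class Recovery
{
    public const QUESTIONS = [ // constructed sample list of stock questions
        1 => 'What was the name of your first pet?',
        2 => 'What street did you grow up on?',
    ];
    private const MAX_FAILURES = 5; // assumed lockout threshold

    public function __construct(private PDO $db)
    {
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->exec('CREATE TABLE IF NOT EXISTS recovery (person_id TEXT PRIMARY KEY,
            question_id INTEGER, answer_hash TEXT, failures INTEGER DEFAULT 0)');
    }

    // Ignore case and extra spacing so a correct answer is not rejected on formatting.
    private static function normalize(string $answer): string
    {
        return strtolower(preg_replace('/\s+/', ' ', trim($answer)));
    }

    public function enroll(string $personId, int $questionId, string $answer): void
    {
        if (!isset(self::QUESTIONS[$questionId])) {
            throw new InvalidArgumentException('Unknown question');
        }
        // The pass phrase unlocks the account, so store a salted hash, never the text.
        $hash = password_hash(self::normalize($answer), PASSWORD_DEFAULT);
        $this->db->prepare('REPLACE INTO recovery VALUES (?, ?, ?, 0)')
                 ->execute([$personId, $questionId, $hash]);
    }

    public function verify(string $personId, string $answer): bool
    {
        $q = $this->db->prepare('SELECT answer_hash, failures FROM recovery WHERE person_id = ?');
        $q->execute([$personId]);
        $row = $q->fetch(PDO::FETCH_ASSOC);
        if ($row === false || $row['failures'] >= self::MAX_FAILURES) {
            return false; // not enrolled, or locked until someone resets the counter
        }
        $ok = password_verify(self::normalize($answer), $row['answer_hash']);
        // Count consecutive misses; a correct answer clears the counter.
        $this->db->prepare('UPDATE recovery SET failures = ? WHERE person_id = ?')
                 ->execute([$ok ? 0 : $row['failures'] + 1, $personId]);
        return $ok;
    }
}
$r = new Recovery(new PDO('sqlite::memory:')); // constructed data, in-memory database
$r->enroll('jane5551234', 1, '  Mr.  Whiskers ');
var_dump($r->verify('jane5551234', 'mr. whiskers'), $r->verify('jane5551234', 'rex'));
```

A successful `verify()` would be the point at which a fresh `generatePassword()` value is issued to the user.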