
correct implement registration

Ranch Hand
Posts: 61
So, as I end up implementing whatever solution in some language anyway, I'd like to keep the topic general.

My rather simple question is: Given a properly secured channel (TLS with DANE and a DNSSEC-secured domain), how best to implement a simple user registration?
I'm aware of concepts like hashing with salt or even using one-time-pad schemes. But as far as I'm aware there's that one initial step where the user's login credentials somehow have to be set initially.
One type I encounter on a daily basis is to use the user's e-mail address as ID, have the user request a one-time-use token sent via e-mail (as there's no way to secure that, I might opt not to use it) and then set a new password by supplying the e-mail address, the one-time token and the new password. To validate this the server then might check a few things like: does the second request come from the same remote IP the first one came from, was the token already used, do the data match up - but this leads me to the question: How to transmit the password? Send it in plain as the channel is taken to be secure? Hash it already on the client and only transmit the hash? Re-use the token as salt?

Or to put it this way: How do I end up with something reproducible in the database based on user input?

Thanks for any input in advance.
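
The flow described in the post above, sketched as an added example that is not part of the original post. It assumes the password arrives over the TLS channel and is hashed on the server with a random per-user salt (PBKDF2 here); the dictionaries, function names, token lifetime and iteration count are hypothetical choices for illustration.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 900        # assumed token lifetime in seconds
ITERATIONS = 600_000   # assumed PBKDF2 work factor
pending = {}           # email -> (sha256(token), expiry); stands in for a DB table
users = {}             # email -> (salt, password hash); stands in for a DB table

def request_token(email, now=None):
    """Step 1: issue a one-time token; only its hash is kept server-side."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    pending[email] = (hashlib.sha256(token.encode()).digest(), now + TOKEN_TTL)
    return token       # this value would be e-mailed to the user

def derive(password, salt):
    # Same password + same stored salt always gives the same bytes,
    # which is what makes the database value reproducible at login.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def set_password(email, token, password, now=None):
    """Step 2: check e-mail + token, consume the token, store salt and hash."""
    now = time.time() if now is None else now
    entry = pending.get(email)
    if entry is None:                      # never issued, or already used
        return False
    token_hash, expiry = entry
    if now > expiry:
        del pending[email]
        return False
    supplied = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(supplied, token_hash):
        return False
    del pending[email]                     # single use: a replay finds no entry
    salt = secrets.token_bytes(16)         # fresh random salt, not the token
    users[email] = (salt, derive(password, salt))
    return True

def check_login(email, password):
    """Later logins: recompute with the stored salt, compare in constant time."""
    record = users.get(email)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(derive(password, salt), stored)
```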
