Matt said:
I've put together a forum (without the forum bit!) that requires
registration and login. Could someone have a quick look and see what they
think in terms of password security or any other issues?
http://d168790.u33.dc-servers.com/forum/forum.asp
You don't really have much there... honestly it looks like you put no
thought into it at all.
A couple of things:
1) You don't give any error messages
2) If I type in something and leave another field blank and hit SUBMIT on
the signup form, what I typed in should be filled in on the form (and then
an error message below or around the items that I didn't fill out telling me
that I didn't fill them out)
3) For "password" you should have the user type it in twice and then check
that the two match... if they do then the password is ok, if they don't then
tell the user the 2 passwords don't match. What if somebody has a crappy
keyboard where a key doesn't work sometimes, or they type so fast and
sometimes typos are made?
4) You should line things up
5) You don't need the same size input boxes for everything. For password
you have SIZE=10 MAXLENGTH=40... why are you giving me so much room if I can
only enter 10 characters?
6) For email I entered "test" and it accepted it... didn't check for any of
the basic elements that make up an email address
7) For security, you shouldn't let people's username be the same as password
8) You should include a "REMEMBER ME" option... if I select this you should
write a cookie with my userID so that I don't have to log in next time I
come back
Ok, that's more than a couple... it'll give you something to start with
though...
Clint
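
An added example, not part of the thread and not the reviewed site's code: a server-side signup check covering points 2, 3, 6 and 7 of the list above. The field names, the messages and the 40-character limit are assumptions.

```javascript
// Added example: server-side signup validation for the points raised above.
// Field names and messages are assumptions, not taken from the reviewed site.
const MAX_LEN = 40; // assumed limit, matching the MAXLENGTH=40 quoted in point 5

function validateSignup(form) {
  const errors = {};
  const username = (form.username || "").trim();
  const email = (form.email || "").trim();
  const password = form.password || "";
  const confirm = form.confirm || "";

  if (!username) errors.username = "Please enter a username.";
  else if (username.length > MAX_LEN) errors.username = "Username is too long.";

  // Point 6: basic structure only: one "@", non-empty local part, dotted domain.
  const at = email.indexOf("@");
  const domain = email.slice(at + 1);
  if (!email) errors.email = "Please enter an email address.";
  else if (at < 1 || at !== email.lastIndexOf("@") || /\s/.test(email) ||
           !/^[^.]+(\.[^.]+)+$/.test(domain)) {
    errors.email = "That does not look like an email address.";
  }

  if (!password) errors.password = "Please enter a password.";
  else if (password.length > MAX_LEN) errors.password = "Password is too long.";
  // Point 7: compare case-insensitively so "Matt"/"matt" is also rejected.
  else if (username && password.toLowerCase() === username.toLowerCase()) {
    errors.password = "Password must not be the same as the username.";
  }
  // Point 3: the two password entries must match.
  else if (password !== confirm) errors.confirm = "The two passwords do not match.";

  return {
    ok: Object.keys(errors).length === 0,
    errors, // point 1: one message per failing field
    // Point 2: values to put back into the form; passwords are never echoed.
    refill: { username, email },
  };
}

// Constructed sample submission: "test" as email, password equal to username.
const sample = validateSignup({ username: "Matt", email: "test", password: "matt", confirm: "matt" });
console.log(sample.errors);
```

The same checks can also run in the browser for faster feedback, but the server-side result is the one that decides whether the account is created.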