Home page logo
/

basics logo Security Basics mailing list archives

Re: User ID composition
From: "Anthony Ettinger" <aettinger () sdsualumni org>
Date: Fri, 24 Mar 2006 12:17:48 -0800

I've seen email used a lot for login. If the email is no longer valid,
it may become unusable, plus, email is often published on the web, it
would be like publishing your bank account username on the web.

Depends on the app, but I don't recommend using the username as an
identifier, except for logins. ie - api usage, etc. should be a unique
key.



On 3/22/06, jaboltz () bu edu <jaboltz () bu edu> wrote:
Are there any standards around User ID composition?  For instance, the ID should
not indicate Admin, super user, etc, be hard to enumerate valid IDs?



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




--
Anthony Ettinger
Signature: http://chovy.dyndns.org/hcard.html

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]