WebApp Sec
mailing list archives
Re: User ID generation
From: Lucas Holt <luke () foolishgames com>
Date: Mon, 18 Apr 2005 18:44:03 -0400
On Apr 14, 2005, at 1:35 PM, Andi McLean wrote:
> Sorry, forgot to mention, the users in my case will be Members logging
> into a website. Other Members will not be able to see each other. If I
> set up a Forum something different will be used.
You might consider using something like the date and time someone signs
up meshed together in some way along with a few randomly chosen letters
A-Z a-z. It's still predictable, but the longer your site is in operation
the harder it would be to crack a specific account unless you knew when
the person signed up. A random account, well, that's a different story.

It might be better just to write a randomizer function for usernames
and passwords where usernames can contain A-Z a-z 0-9 and passwords can
contain those plus additional special characters like $ # @ ! & *.
Then use a minimum length for both of at least 5 characters. For
passwords I like at least 8 characters. It prevents many dictionary
attacks and people who make word lists with letters, numbers and
special characters from hitting your site. If nothing else, bandwidth
limitations will slow them down.
Lucas Holt
Luke () FoolishGames com
________________________________________________________
FoolishGames.com (Jewel Fan Site)
JustJournal.com (Free blogging)
FoolishGames.net (Enemy Territory IoM site)
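
The randomizer function described in the message above, as an added example that is not part of the original post. It assumes Python's `secrets` module as the random source and, as a further assumption, requires every character class in a password; all function and constant names are hypothetical.

```python
import math
import secrets
import string

# Alphabets taken from the message: usernames use A-Z a-z 0-9,
# passwords use those plus the special characters $ # @ ! & *.
USERNAME_ALPHABET = string.ascii_letters + string.digits
SPECIALS = "$#@!&*"
PASSWORD_ALPHABET = USERNAME_ALPHABET + SPECIALS

MIN_USERNAME_LEN = 5   # minimum length given in the message
MIN_PASSWORD_LEN = 8   # the message's preferred password minimum


def random_string(alphabet, length):
    """Draw each character independently and uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_username(length=MIN_USERNAME_LEN):
    if length < MIN_USERNAME_LEN:
        raise ValueError("username shorter than the minimum length")
    return random_string(USERNAME_ALPHABET, length)


def generate_password(length=MIN_PASSWORD_LEN):
    if length < MIN_PASSWORD_LEN:
        raise ValueError("password shorter than the minimum length")
    # Assumption (not in the message): redraw until every character class
    # is present, which keeps the result uniform over compliant passwords.
    while True:
        pw = random_string(PASSWORD_ALPHABET, length)
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in SPECIALS for c in pw)):
            return pw


def entropy_bits(alphabet, length):
    """Upper bound on guessing entropy: length * log2(alphabet size)."""
    return length * math.log2(len(alphabet))


if __name__ == "__main__":
    print(generate_username(), round(entropy_bits(USERNAME_ALPHABET, 5), 1))
    print(generate_password(), round(entropy_bits(PASSWORD_ALPHABET, 8), 1))
```

At the minimum lengths from the message this gives roughly 30 bits for a username and 49 bits for a password, which is the search space a word-list attack has to cover.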