aspdotnet_website_programming thread: Suggested improvement to the Accounts module
I came up with some improvements to the accounts module, maybe somebody
has some comments.
1) The Accounts module uses the primary key constrain to detect duplicate
entry of email addresses during inserts, but the primary key is an
autoincrement field so it never raises the exception that we are trying to
trap, making it possible to enter duplicate email addresses.
2) Sometimes, we want the users to login with a user name instead of the
email address, the model does not allow that.
3) The password is encrypted with a sha1 hash function, making it
impossible to retrieve it, for example to email it to a user who lost it.
The solution I came up with:
1) Add a username field to the Users table, same size as the eamail field
and modify accordingly the stored procedures and Accounts data module to
do the login by user name.
This allows us implement a loggin by user name or email without having to
re-compile the data or business modules.
All we have to do to login by email is to copy the email to the username
field when we insert a user.
2) Add a unique constrain on that username field and change the number of
the exception to trap to 2627.
This traps duplicate user name or entries (or email entries if we
implement the email login)
3) Make the password field a varbinary(50).
Encrypt the password with a RijndaelManaged algo.
For this, we hard code the initialization vertor in our source and we
store a representation of the key in the Accounts configuration file.
The problem is that if we somehow loose that key, we cannot recover our
passwords as we cannot remember a 128 or 256 bits binary key.
So we store a master password in our configuration file and we hash it
into a 256 bits key with a sha256 hash function after preceeding it with
hard coded random bits to avoid a dictionary attack and to split the key
between the compiled code and the configuraion file.
We use that key for encryption or decryption of the passwords.
If we don't want to automatically recover the passwords to email them to
cients, we don't store the master password in the configuration file and
enter it upon demand when we want to recover a password from the database.