tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Luc Duval <jldu...@videotron.ca>
Subject Re: How to hand in the passwords to 3000 users [urgent!]
Date Fri, 11 Apr 2003 02:29:12 GMT
Hi,
    a possible solution:
    Credit card compagny use the birthday, addresse, mother maiden name and
(in canada social security number), etc.

Canada and Québec tax use the last year gross revenue as the password and
SSN as ID to obtain your password for your TAX report summit and status. But
3 try and disable after that can't be re-enable for that year.

you can probably use that kind of trick for enrollment or some other info
like if available ex: file number, etc.
Last session score, birthday and zip/postal code can be a combination not
completely secure but not guess, for sure must disable account if too many
errors

JLD


----- Original Message -----
From: "Goehring, Chuck Mr., RCI - San Diego"
<cgoehring@resourceconsultants.com>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>;
<nancycm@correo.uqroo.mx>
Sent: Thursday, April 10, 2003 8:02 PM
Subject: RE: How to hand in the passwords to 3000 users [urgent!]


Nancy,

I think you might be exposing yourself to legal problems if you don't do a
password exchange in person.  Accidentally letting someone into somebody
else's grade info could be dangerous.  If you have time, you could have the
school send id/passwords out in a snail-mail letter or add system generated
password (properly labeled with warnings and disclaimers) in the normal
correspondence like grade report or ???.

Chuck

-----Original Message-----
From: Nancy Crisostomo Martinez [mailto:nancycm@correo.uqroo.mx]
Sent: Wednesday, April 02, 2003 7:51 AM
To: Tomcat Users List
Subject: Re: How to hand in the passwords to 3000 users [urgent!]


Hi !,
My application is some kind of schoolar system. In it the students could
find all their schoolar information by their own. You know, grades,
schedules, finantial information, etc.. So  the user id is given by their
student id... so that is clear... but the problem begin because we need to
give their passwords to enter to the site.... We don't want to give a
general password for all, because some 'bad' friends of some
students could know his/her student id and enter to the site with the
general password and do some 'changes'...
We need some help to find the most secure way to hand in or to let the users
know their password to enter to the site. But we don't have their e-mails.

Thanks!

"Goehring, Chuck Mr., RCI - San Diego" wrote:

> Nancy,
>
> Hope I understood you problem correctly.  It might be worth doing a signup
application, then advertise it through the management chain of command with
a url and instructions.  Have the app capture the information to a text file
or database.  Get the email, username and password that way.  I think I'd
also put password change & mailback capabilities in the app so you don't
have to change passwords for users all the time.
>
> Chuck
>
> -----Original Message-----
> From: Nancy Crisostomo Martinez [mailto:nancycm@correo.uqroo.mx]
> Sent: Tuesday, April 01, 2003 12:55 PM
> To: Tomcat Users List
> Subject: How to hand in the passwords to 3000 users [urgent!]
>
> Hi all!
>
> I'm trying to entablish the best way to hand in their own user_id and
> password to the 3000 users of an applicattion developed to Internet.
>
> I don't know which could be the best way to do this without forgetting
> the security because each user has some confidential information in
> his/her session.
>
> Could you please help me?
> Any clue could help me!
> Thanks in advance!
>
> Nancy.
>
> ps. I don't have their e-mails so, descart the email way.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message