path: root/TODOS
- hash the password, with a salt (currently it's plain text, which is a no-go!)
- make the login mechanism more robust:
  - http://www.devarticles.com/c/a/JavaScript/Building-a-CHAP-Login-System-Encrypting-Data-in-the-Client/2/
  - use CHAP by default (which also works over HTTP)
  - if there is no JavaScript, allow the "plain over HTTPS" fallback
- check timeout when verifying the registration code of a user
- database model for a simple CMS
  - http://www.techrepublic.com/article/two-ways-to-design-a-database-for-a-net-based-cms/