blob: af835f27cdc1516fc0704be13e911de10230a467
- hash the password, with salt (currently it's plain text, which is a no-go!)
- make the login mechanism more robust:
  - http://www.devarticles.com/c/a/JavaScript/Building-a-CHAP-Login-System-Encrypting-Data-in-the-Client/2/
  - use CHAP by default (it also works over HTTP)
  - if there is no JavaScript, allow the "plain over HTTPS" fallback
- check timeout when verifying the registration code of a user
- database model for a simple CMS
  - http://www.techrepublic.com/article/two-ways-to-design-a-database-for-a-net-based-cms/
- try to use the template mechanism for email in plain text and HTML,
  the renderer should be callable outside the HTTP response mechanism