path: root/TODOS
blob: af835f27cdc1516fc0704be13e911de10230a467 (plain)
- hash the password, with a salt (currently it's plain text, which is a no-go!)
- make the login mechanism more robust:
  - http://www.devarticles.com/c/a/JavaScript/Building-a-CHAP-Login-System-Encrypting-Data-in-the-Client/2/
  - use CHAP by default (it also works over HTTP)
  - if there is no JavaScript, allow the "plain over HTTPS" fallback
- check timeout when verifying the registration code of a user
- database model for a simple CMS
  - http://www.techrepublic.com/article/two-ways-to-design-a-database-for-a-net-based-cms/
- try to use the template mechanism for email in plain text and HTML;
  the renderer should be callable outside the HTTP response mechanism