Post #23 by Paul, 06-26-2002, 01:52 AM

Hi,

Quote:
Originally posted by JJR512
LoveShack, I'm not sure if I understood what you meant by your Point #1 above. Whether the system uses predefined questions or lets users make up their own questions, either way, the question is going to be visible to anyone who wants to see it.
Not necessarily. In the suggestion I made, one would have to choose the correct question and correct answer, making both a part of the authentication procedure. For example, suppose a drop-down box was used with three questions. You would need to pick the correct question from the drop-down box and supply the correct answer in order to be able to change the e-mail address.

Quote:
(BTW, the added complexity that you alluded to at the end of your post is part of the reason why I avoided going that way!)
Added complexity in this case is added security.

Quote:
I agree that making everything work as lower-case would be a good idea, and I'll work that in sometime tonight, and update my post again.
Pretty simple to do. Just use strtolower();

Quote:
Regarding your Point #3, I understand what you're saying...I think that using unencrypted answers might be a better idea if you're using predefined questions, per your other suggestion. But for my version, allowing the user to make up his own question, I don't think many people would be too keen on the idea of putting in a question like, "What is my mother's maiden name?" if they know that I'll be able to see the answer. I could take that answer and use it to find out all kinds of things about that person and commit all kinds of fraud. Not that I would, of course, but what I'm saying is that some people will know that that kind of thing is possible. If you use a predefined question you could make a question that people wouldn't care if the board owner could see the answer or not. This is the same kind of debate, pretty much, that raged when vBulletin switched the password system to MD5, as well. There are some advantages to being able to see the passwords. But having them be encrypted was deemed to be more important, so I figured those reasons pretty much applied here, too.
You clearly would not use a question such as "What's your mother's maiden name," simply because it's a question frequently used in banking. Rather, by using predefined questions you could narrow the possibility that you'd be intruding on privacy issues and get a more identifying piece of information. For example, "Who was your fourth grade social studies teacher?"

Encrypting the answers would mean that Mrs. Johnson != Mrs Johnson != Harriet Johnson != Miss Johnson, simply because you couldn't visually make a determination as to what the correct answer is supposing the person e-mailed you.

After evaluating this hack and taking all these situations into consideration, my development team decided that this was creating more of a problem than it was potentially solving. A good hack for those who want such a system though. Kudos for creating it.

Paul
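
An added example, not part of Paul's post or of the hack under discussion: a sketch of the scheme the thread debates, where the selected question and the answer are checked together and the answer is normalized before it is hashed. The function names and the sample record are hypothetical, and PHP's `password_hash()` is used here in place of the MD5 scheme mentioned in the thread.

```php
<?php
// Added illustration; all function names and sample data are hypothetical.

// Canonicalize an answer so case, punctuation and spacing do not change the hash.
// Limitation: anything outside a-z and 0-9 (including accented letters) becomes a space.
function normalize_answer(string $answer): string
{
    $lower = strtolower($answer);
    return trim(preg_replace('/[^a-z0-9]+/', ' ', $lower));
}

// Enrollment: keep the chosen question id and a salted hash, never the answer itself.
function enroll(int $questionId, string $answer): array
{
    return [
        'question_id' => $questionId,
        'answer_hash' => password_hash(normalize_answer($answer), PASSWORD_DEFAULT),
    ];
}

// Verification: the selected question AND the answer must both match.
// Both checks are always evaluated so the result does not reveal which one failed.
function verify(array $record, int $questionId, string $answer): bool
{
    $answerOk   = password_verify(normalize_answer($answer), $record['answer_hash']);
    $questionOk = ($questionId === $record['question_id']);
    return $questionOk && $answerOk;
}

// Constructed sample: the user picked question 2 of 3 and answered "Mrs. Johnson".
$record = enroll(2, 'Mrs. Johnson');

$attempts = [
    [2, 'mrs johnson'],       // formatting variant, right question
    [2, ' MRS.  JOHNSON '],   // case and spacing variant, right question
    [2, 'Harriet Johnson'],   // same person, different wording
    [1, 'Mrs. Johnson'],      // right answer, wrong question
];

foreach ($attempts as [$questionId, $answer]) {
    $result = verify($record, $questionId, $answer) ? 'accept' : 'reject';
    printf("question=%d answer=%-20s => %s\n", $questionId, '"' . $answer . '"', $result);
}
```

Normalization only absorbs formatting differences. "Harriet Johnson" is still rejected, and with a hashed answer nobody can judge by eye that it refers to the same teacher, which is the trade-off raised in the post.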