不寻常的密码请求 [英] Unusual password request
问题描述
我得到了一个不寻常的请求。一个客户想要一个密码/访问权限
只对十分钟有效的用户可用。我知道
我可以通过每次用户更改页面时重新验证密码来强制执行此操作。但是,每次更改页面时,必须进行数据库调用,这似乎是一个很大的开销。
我还想过设置一个计时器十分钟,并且在点击
时计时器取消设置会话变量,当用户给予此临时访问权限时,我将设置该会话变量。这样做,我只需要在会话变量设置的每个页面顶部检查
- 没什么大不了的。
你们有什么人想想这个请求?
I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I know
that I can enforce this by having a revalidation of the password every
time the user changes a page. This, though, seems like a a lot of
overhead in having to make a db call every time a page is changed.
I also thought about setting a timer for ten minutes, and on firing of
that timer unset a session variable that I would have set when the user
is given this temporary access. Doing this, I would only have to check
at the top of every page that the session variable is set- no big deal.
What do you folks think about this request?
推荐答案
sheldonlg写道:
sheldonlg wrote:
我得到了一个不寻常的请求。一个客户想要一个密码/访问权限
只对十分钟有效的用户可用。我知道
我可以通过每次用户更改页面时重新验证密码来强制执行此操作。但是,每次更改页面时,必须进行数组调用,这似乎有很多。
I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I know
that I can enforce this by having a revalidation of the password every
time the user changes a page. This, though, seems like a a lot of
overhead in having to make a db call every time a page is changed.
我还考虑过设置一个计时器十分钟,并且在点击
时,计时器取消设置一个会话变量,我会在用户给出这个时设置
临时访问。这样做,我只需要在会话变量设置的每个页面顶部检查
- 没什么大不了的。
I also thought about setting a timer for ten minutes, and on firing of
that timer unset a session variable that I would have set when the user
is given this temporary access. Doing this, I would only have to check
at the top of every page that the session variable is set- no big deal.
您需要验证用户是否在每个页面上登录(会话)
无论如何都需要密码访问,对吧?因此,将登录时间存储在
会话变量中,如果超时,则将其记录下来。我没有看到
这个问题。
You need to validate that the user is logged in (session) on every page
requiring password access anyway, right? So store the login time in a
session variable and if it has timed out, ... log them out. I don''t see
the problem.
你们对这个请求有什么看法?
What do you folks think about this request?
对我来说似乎很粗鲁。
-
*************** **************
Chuck Anderson? Boulder,CO
http://www.CycleTourist.com
没有他真正需要的东西
二十一世纪的精神分子。
*************** ********************
Seems rude to me.
--
*****************************
Chuck Anderson ? Boulder, CO
http://www.CycleTourist.com
Nothing he''s got he really needs
Twenty first century schizoid man.
***********************************
Chuck Anderson写道:
Chuck Anderson wrote:
sheldonlg写道:
sheldonlg wrote:
>我得到了一个不寻常的请求。一个客户想要一个只有十分钟有效的用户可以使用的密码/访问权限。我知道
我可以通过在用户更改页面时每次重新验证密码来强制执行此操作。但是,这似乎是每次更改页面时必须进行数据库调用的大量开销。
>I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I know
that I can enforce this by having a revalidation of the password every
time the user changes a page. This, though, seems like a a lot of
overhead in having to make a db call every time a page is changed.
>我还考虑过设置一个计时器十分钟,并且在触发时,该计时器取消设置一个会话变量,我将在
用户获得此临时访问时设置该变量。这样做,我只需要在每个页面的顶部检查会话变量是否设置 - 没什么大不了的。
>I also thought about setting a timer for ten minutes, and on firing of
that timer unset a session variable that I would have set when the
user is given this temporary access. Doing this, I would only have to
check at the top of every page that the session variable is set- no
big deal.
您需要验证用户是否在每个页面上登录(会话)
无论如何都需要密码访问,对吧?因此,将登录时间存储在
会话变量中,如果超时,则将其记录下来。我没有看到这个问题。
You need to validate that the user is logged in (session) on every page
requiring password access anyway, right? So store the login time in a
session variable and if it has timed out, ... log them out. I don''t see
the problem.
男人,毕竟这真是微不足道。谢谢。 (现在为什么我不认为
这样一个明显的解决方案?)
Man, it is really trivial after all. Thanks. (Now why didn''t I think
of such an obvious solution?)
>
>
>你们对这个请求有什么看法?
>What do you folks think about this request?
对我来说似乎很粗鲁。
Seems rude to me.
嗯?我希望你不要吝啬我。如果你的意思是客户,那么他想要做的就是给出一个品味的东西。用户必须订阅之前的网站。
Huh? I hope you don''t mean me. If you mean the client, what he wants
to do is give a "taste" of the site before the user has to subscribe.
sheldonlg写道:
sheldonlg wrote:
Chuck Anderson写道:
Chuck Anderson wrote:
> sheldonlg写道:
>sheldonlg wrote:
>>我收到了一个不寻常的请求。一个客户想要一个只有十分钟有效的用户可以使用的密码/访问权限。我知道
我可以通过在用户更改页面时每次重新验证密码来强制执行此操作。但是,这似乎是每次更改页面时必须进行数据库调用的开销很多。
我还考虑过设置一个计时器十分钟,然后开火
该计时器取消设置一个会话变量,我将在
用户获得此临时访问权限时设置该变量。这样做,我只需要在每个页面的顶部检查会话变量是否设置 - 没什么大不了的。
>>I got an unusual request. One customer wants a password/access made
available to a user that is valid for only, say, ten minutes. I know
that I can enforce this by having a revalidation of the password every
time the user changes a page. This, though, seems like a a lot of
overhead in having to make a db call every time a page is changed.
I also thought about setting a timer for ten minutes, and on firing of
that timer unset a session variable that I would have set when the
user is given this temporary access. Doing this, I would only have to
check at the top of every page that the session variable is set- no
big deal.
您需要验证用户是否在每个页面上登录(会话)
需要密码访问,对吧?因此,将登录时间存储在
会话变量中,如果超时,则将其记录下来。我没有看到问题。
You need to validate that the user is logged in (session) on every page
requiring password access anyway, right? So store the login time in a
session variable and if it has timed out, ... log them out. I don''t see
the problem.
男人,毕竟这真是微不足道。谢谢。 (现在为什么我不认为
这样一个明显的解决方案?)
Man, it is really trivial after all. Thanks. (Now why didn''t I think
of such an obvious solution?)
> >你们对这个请求有什么想法?
>>What do you folks think about this request?
对我来说似乎很粗鲁。
Seems rude to me.
嗯?我希望你不要吝啬我。如果你的意思是客户,那么他想要做的就是给出一个品味的东西。用户必须订阅之前的网站。
Huh? I hope you don''t mean me. If you mean the client, what he wants
to do is give a "taste" of the site before the user has to subscribe.
你说我有一个不寻常的请求。 ........后来问了......
你们对这个请求有什么看法?
所以.....你觉得怎么样?
十分钟后将某人记录下来似乎很粗鲁。如果我接到一个电话
......由于某种原因不得不离开.....只是混淆了8
分钟....那就是它;我不认为我会回来。
以某种方式限制使用而不是在网站上的时间似乎是一个更好的主意。
-
*****************************
Chuck Anderson? Boulder,CO
http://www.CycleTourist.com
没有他真正需要的东西
二十一世纪的精神分子。
*************** ********************
You said "I got an unusual request. ........ " And later asked ...
"What do you folks think about this request?"
So ..... what do you think?
Logging someone out after ten minutes seems rude. If I got a phone call
...... had to break away for some reason ..... was simply confused for 8
minutes ..... and then that was it; I don''t think I''d be coming back.
Restricting usage somehow rather than time at the site seems a better idea.
--
*****************************
Chuck Anderson ? Boulder, CO
http://www.CycleTourist.com
Nothing he''s got he really needs
Twenty first century schizoid man.
***********************************
这篇关于不寻常的密码请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
