重置密码的标准是什么 [英] what is the standard for reseting passwords
问题描述
我被分配了一个需要重写的应用程序。我们需要做的就是替换密码重置的方式。目前,用户输入用户电子邮件地址并点击将密码发送到用户电子邮件的按钮,这样他就可以使用该密码登录。显然这不是很好,但在使设计更安全的过程中,我遇到了一些问题。其中一个是重置密码的最佳方法。
我修改了发送用户密码的页面,只是向用户发送一封带有链接的电子邮件他或她可以更改密码的页面。我使用了用户电子邮件,名字和姓氏以及用于创建令牌的guid的令牌,并使用来自mircrosoft站点的示例应用程序进行三重DES,将所有这些应用程序加密为一个加密令牌。我将加密的令牌添加到发送给用户的电子邮件中的网址。
任何人都可以告诉我什么是最好的重置方式密码?
我问的原因是因为当我尝试解密令牌时我遇到了问题。我不断收到错误base 64 char数组的长度无效,即使我使用的代码是来自microsoft站点的示例的副本:演练:在Visual Basic中加密和解密字符串。所以,我认为,即使这是一个很好的练习,而不是挣扎,如果我只是将用户发送到我们设置的重置密码页面怎么样?
对于详细问题抱歉?
i have been assigned an application that needs a bit of rewriting. One the things we need to do is to replace how password resets are done. Currently, the user enters the user email address and the clicks on a button that sends the password to the user's email, so he can log in with that password. Clearly this is not very good, but in the process of making the design more secure, i am running into some issues. One of them is what is the best way of resetting the password.
I modified the page that sends the user password to just send the user an email with a link to a page where he or she can change the password. I have used the user email, the first and last name and a token the guid to create a token, and used a sample app from mircrosoft site for triple DES to encrypt all of those into one encrypted token. I add that encrypted token to the url that is inserted in the email sent to the user.
Can anyone give me an idea as to what is the best way of resetting passwords?
The reason i am asking is because i have been runnning into a problem when i try to decrypt the token. I keep getting an error "invalid length for a base 64 char array" even though the code i used is a carbon copy of the example from microsoft site:"Walkthrough: Encrypting and Decrypting Strings in Visual Basic". So, i thought heck, instead of struggling with this even though it is a great exercise, how about if i just send the user to the reset password page that we have set up?
Sorry for the verbose question?
推荐答案
http://www.asp.net/web-forms/tutorials/security/admin/recovering-and-changing-passwords-cs [ ^ ]
base 64 char数组的长度无效
"invalid length for a base 64 char array"
你试过吗?来自 Google 的任何答案[ ^ ]为了这 错误?
请参阅使用asp.net解密密码期间base-64 char数组错误的长度无效 [ ^ ]。
Have you tried any answers from Google[^] for this error?
Refer simple answer at Invalid length for a base-64 char array error during decryption of password using asp.net[^].
艾哈迈德,谢谢你的回复。我昨天看到它,但正在做一些研究。您提供给我的文章的链接是关于通过电子邮件发送密码,这是我试图避免的。这里有一篇文章来自对该方法有不同看法的人。
但是,我想感谢你的快速回复。
http://www.troyhunt.com/2012/05/everything-你曾经想要知道的问题 [ ^ ]
Ahmed, Thank you for your reply. I saw it yesterday but was doing some research. The link for the article you provided me is about sending the password through email and that was what i was trying to avoid. here is an article from someone with a different view on the approach.
However, i wanted to thank you for the prompt reply.
http://www.troyhunt.com/2012/05/everything-you-ever-wanted-to-know.html[^]
这篇关于重置密码的标准是什么的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
