OT: More about unique random passwords

Yeah - I think we are counting the angels dancing on the head of a pin, so
to speak. I'm probably talking about fewer than 300 passwords....

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.dreamweavermx-templates.com - Template Triage!
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
http://www.macromedia.com/support/search/ - Macromedia (MM) Technotes
==================


"David Powers" <david@example.com> wrote in message
news:eg1ae1$fdi$1@forums.macromedia.com...
> darrel wrote:
>> I don't see why an array is needed. But maybe I'm missing something.
>
> I don't know exactly what Murray is doing, but it's a question of swings
> and roundabouts. By gathering all existing passwords in an array, only one
> call to the database is required. On the other hand, if you do it the
> other way round, you need to query the database for each new password.
> With a small number of registered passwords and a genuinely random
> password generator, querying the database would be more efficient.
> However, as the number of registered passwords grows, it becomes
> (arguably) more efficient to query the database for each password. PHP is
> very fast at working through arrays. MySQL is also very fast at doing
> database queries, particularly if it's looking for a single match. I
> suspect that on the type of installation Murray is working with, the
> difference in time/processing power required would be infinitessimal.
>
> --
> David Powers
> Adobe Community Expert
> Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
> http://foundationphp.com/

darrel wrote:
> I don't see why an array is needed. But maybe I'm missing something.

I don't know exactly what Murray is doing, but it's a question of swings
and roundabouts. By gathering all existing passwords in an array, only
one call to the database is required. On the other hand, if you do it
the other way round, you need to query the database for each new
password. With a small number of registered passwords and a genuinely
random password generator, querying the database would be more
efficient. However, as the number of registered passwords grows, it
becomes (arguably) more efficient to query the database for each
password. PHP is very fast at working through arrays. MySQL is also very
fast at doing database queries, particularly if it's looking for a
single match. I suspect that on the type of installation Murray is
working with, the difference in time/processing power required would be
infinitessimal.

--
David Powers
Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
http://foundationphp.com/

> Because I like them! 8)
>
> Convince me otherwise, please.

What are you storing in the array?

What I'd do:

- grab the pwd
- query the db to see if it exists
- if not, save it.

I don't see why an array is needed. But maybe I'm missing something.

-Darrel

Tom Muck wrote:
> The code looks fine, but as a practical matter why are you reading sensitive
> passwords into a web page when you can query the database to see if you have
> a match?

Unless the array of passwords is displayed somewhere in the page,
everything should remain on the server. I presume that Murray's logic --
now there's an oxymoron for you ;) -- is that getting an array of
existing passwords makes just one database call, whereas querying for a
match could result in multiple calls. If the random generator is random
enough, it's probably more efficient to query the database to see if
there's a match. I was simply answering the question "Will this work?"
With Murray's original code, the answer was "No!".

--
David Powers
Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
http://foundationphp.com/

"Murray *ACE*" <forums@HAHAgreat-web-sights.com> wrote in message
news:efup4c$bga$1@forums.macromedia.com...
> Yes - have implemented them. Thanks, David!

The code looks fine, but as a practical matter why are you reading sensitive
passwords into a web page when you can query the database to see if you have
a match?

Tom

Because I like them! 8)

Convince me otherwise, please.

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.dreamweavermx-templates.com - Template Triage!
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
http://www.macromedia.com/support/search/ - Macromedia (MM) Technotes
==================


"darrel" <notreal@nowhere.com> wrote in message
news:efulp1$7o3$1@forums.macromedia.com...
>
>> That's basically what I'm doing - except I am using an array function.
>
> Why are you using an array?
>
> -Darrel
>
>
>

Yes - have implemented them. Thanks, David!

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.dreamweavermx-templates.com - Template Triage!
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
http://www.macromedia.com/support/search/ - Macromedia (MM) Technotes
==================


"David Powers" <david@example.com> wrote in message
news:efumg7$8ci$2@forums.macromedia.com...
> Murray *ACE* wrote:
>> Hmm - so, should I not use this approach, then? What would be a better
>> method?
>
> The one I gave you. Read the code carefully. It has some important, but
> subtle differences.
>
> --
> David Powers
> Adobe Community Expert
> Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
> http://foundationphp.com/

Murray *ACE* wrote:
> Hmm - so, should I not use this approach, then? What would be a better
> method?

The one I gave you. Read the code carefully. It has some important, but
subtle differences.

--
David Powers
Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
http://foundationphp.com/

> That's basically what I'm doing - except I am using an array function.

Why are you using an array?

-Darrel

> Consequently, $rec will always be a two item array containing the result
> both as an indexed array element and as an associative array element. The
> actual password is held in $rec[0] and $rec['contactPassword']. Also,
> you're using array_key_exists to check the passwords, but the array keys
> will be 0, 1, 2, 3, etc. In effect, $passwords will look like this:
>
> $passwords[0] = array(0 => 12345678, 'contactPassword' => 12345678);
> $passwords[1] = array(0 => 87654321, 'contactPassword' => 87654321);
> and so on.

Hmm - so, should I not use this approach, then? What would be a better
method?

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.dreamweavermx-templates.com - Template Triage!
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
http://www.macromedia.com/support/search/ - Macromedia (MM) Technotes
==================


"David Powers" <david@example.com> wrote in message
news:efubo8$p28$1@forums.macromedia.com...
> Murray *ACE* wrote:
>> I want to make sure that this is going to produce a unique password. Can
>> you evaluate that for me, please?
>
> It won't work. You have several mistakes in there, the most important ones
> being the use of quotes around false, which is a keyword (see page 138 of
> "Foundation PHP for DW 8" which I know you've got). Another mistake is
> you're using mysql_fetch_array() to extract the database results.
> Consequently, $rec will always be a two item array containing the result
> both as an indexed array element and as an associative array element. The
> actual password is held in $rec[0] and $rec['contactPassword']. Also,
> you're using array_key_exists to check the passwords, but the array keys
> will be 0, 1, 2, 3, etc. In effect, $passwords will look like this:
>
> $passwords[0] = array(0 => 12345678, 'contactPassword' => 12345678);
> $passwords[1] = array(0 => 87654321, 'contactPassword' => 87654321);
> and so on.
>
> Finally, and perhaps most crucially, you never set $unique to true once a
> unique password has been generated.
>
> You need to rewrite it like this:
>
> $passwords=array();
> $rsPasswordList = mysql_query("SELECT contactPassword FROM
> tblcontactdata",$selectData)
> or die(mysql_errno()." : ".mysql_error());
> while ($rec = mysql_fetch_row($rsPasswordList)){
> $passwords[] = $rec[0];
> }
> $unique = false;
> while ($unique === false) {
> $temp = randomkeys(8); // this is generating a random 8-character p/w
> if(!in_array($temp, $passwords)) {
> $newPassword = $temp;
> $unique = true;
> }
> }
>
> I assume that randomkeys() is a custom function defined elsewhere.
>
> --
> David Powers
> Adobe Community Expert
> Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
> http://foundationphp.com/