WebApp Sec mailing list archives
User ID generation
From: Jason binger <cisspstudy () yahoo com>
Date: Tue, 12 Apr 2005 01:26:26 -0700 (PDT)
I have a customer that generates UserIDs as numbers sequentially for a critical application. They implement account lockout and I am concerned that someone could launch a DoS and lock out all the user accounts.

What would people recommend for a user ID generation method?

I was thinking UserIDs should be randomly generated from a large alphanumeric keyspace, but how big should the keyspace be?

What would the size of the keyspace need to be if it was only numeric?

Any other thoughts appreciated.

Cheers,
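The sizing question in the message above can be worked through numerically. The following is an added example, not part of the original post or thread; the account count, attacker guess budget, target hit rate, alphabets and function names are all assumptions chosen for illustration.

```python
import secrets
import string

ALNUM = string.ascii_lowercase + string.digits  # assumed 36-symbol alphabet
DIGITS = string.digits                          # numeric-only case, 10 symbols


def expected_hits(users, keyspace, guesses):
    """Expected number of valid IDs among `guesses` distinct guessed IDs,
    when `users` valid IDs are spread uniformly over `keyspace` values."""
    return guesses * users / keyspace


def min_length(alphabet_size, users, guesses, max_expected_hits):
    """Shortest ID length whose keyspace keeps expected hits at or below
    `max_expected_hits` for the given guess budget."""
    needed = guesses * users / max_expected_hits  # required keyspace size
    length = 1
    while alphabet_size ** length < needed:
        length += 1
    return length


def new_user_id(alphabet, length, taken):
    """Draw an unused ID from the OS CSPRNG; `taken` is the set of issued IDs."""
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if candidate not in taken:
            taken.add(candidate)
            return candidate


if __name__ == "__main__":
    users, guesses = 100_000, 10_000_000  # assumed figures, not from the post
    # Sequential IDs: keyspace equals the user count, so every guess is valid.
    print("sequential hits:", expected_hits(users, users, users))
    for name, alphabet in (("numeric", DIGITS), ("alphanumeric", ALNUM)):
        n = min_length(len(alphabet), users, guesses, max_expected_hits=1)
        print(name, "length", n, "sample", new_user_id(alphabet, n, set()))
```

Under these assumed figures, a numeric ID needs 12 digits and a 36-symbol alphanumeric ID needs 8 characters to keep the expected number of locked-out accounts at or below one.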
