WebApp Sec mailing list archives
User ID generation
From: Jason binger <cisspstudy () yahoo com>
Date: Tue, 12 Apr 2005 01:26:26 -0700 (PDT)
I have a customer that generates UserIDs as numbers sequentially for a critical application. They implement account lockout and I am concerned that someone could launch a DOS and lockout all the user accounts. What would people recommend for a user ID generation method. I was thinking UserIDs should be randomly generated from a large alpha-numeric keyspace, but how big should the keyspace be? What would the size of the keyspace need to be if it was only numeric? Any other thoughts appreciated. Cheers, __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/
Current thread:
- User ID generation Jason binger (Apr 13)
- RE: User ID generation Andrew van der Stock (Apr 13)
- RE: User ID generation Thomas Ng (Apr 13)
- Re: User ID generation Scovetta Labs (Apr 13)
- Re: User ID generation Andi McLean (Apr 14)
- Re: User ID generation Adam K (Apr 18)
- Re: User ID generation Scovetta Labs (Apr 18)
- Re: User ID generation Andi McLean (Apr 14)
- Re: User ID generation Paul M. (Apr 18)
- <Possible follow-ups>
- RE: User ID generation Murtland, Jerry (Apr 18)
- Re: User ID generation Andi McLean (Apr 18)
- Re: User ID generation Lucas Holt (Apr 20)
- Re: User ID generation Andi McLean (Apr 18)
- RE: User ID generation Andrew van der Stock (Apr 13)