An Integrated Mechanism for Resetting Passwords in Web Applications

Document Type

Conference Proceeding

Publication Date

12-4-2018

Abstract

It is very common for people to forget their passwords and request to reset their password through web browsers. This leads to the critical question of how a software developer should simply and safely store and change a user's password for a web application. When an application stores a user's password in a database, the password must be encrypted so nobody can query the fields and see the original value. It is bad design to send or display the original password to the user when a user resets their password, as the information could be seen or intercepted. On the other hand, it is also inconvenient that users must memorize additional information in the form of security questions when attempting to reset the password. When resetting a password, it is better to use a user's basic personal information and email or text them a reset URL link with encrypted codes. This paper presents an integrated mechanism that utilizes PHP and MySQL functions to reset user passwords and improve the security for resetting passwords. The method can also protect the database from being attacked by reducing unnecessary access to the database. A case study is discussed in this paper.

Publication Title

Proceedings - 2017 International Conference on Computational Science and Computational Intelligence, CSCI 2017

First Page Number

50

Last Page Number

54

DOI

10.1109/CSCI.2017.9

This document is currently not available here.
