Monday, 11 July 2016

Proper way to document and log brute force attacks when creating a user account

We have the following use case:

Users can self-register for a business account by filling in a validation form with their ID, first name, last name and DOB. The ID is something that only the user knows ahead of time. Users have 5 attempts to match all of their information.

We are planning to maintain a couple of tables in a database in which we store the validation attempts.

Table 1 columns: id, attempts
Table 2 columns: id, fname, lname, dob

Tables 1 and 2 have a one-to-many relationship. Here's an example of what happens if a user tries to guess the first name, last name and DOB 5 times before the account is locked. The application checks table 1's attempts column, and if it is 5 or more for a specific id, the user account (with that specific id) is treated as locked.

table 1
id    attempts
1234  5

table 2
id    fname   lname  dob
1234  john    doe    19900101
1234  jane    doe    19900101
1234  jason   doe    19900101
1234  john    dae    20010102
1234  roger   smith  19960101

The problem with the above approach is that we are only tracking the failed attempts by id. What if the user changes the id and attacks by keeping the first name, last name and DOB the same and guessing the id?

Maybe I need to rethink the validation table design and my approach to solving the problem of a user trying to guess the id? Or is there a better way to think about this problem?
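One way to close the gap the question describes is to record every attempt in a single log table and evaluate the lockout against several keys at once: the claimed id (as in the post), a hash of the submitted name+DOB tuple (so rotating the id while keeping the name and DOB fixed is counted), and the source address. The following is an added example, not code from the original post; the schema, the `identity_hash` canonicalisation, the one-hour sliding window for the non-id keys, the sample account and the IP addresses are all constructed for illustration. It goes a little beyond the post by also counting per source address, which catches a client that rotates both id and name.

```python
import hashlib
import sqlite3

MAX_ATTEMPTS = 5          # the limit stated in the post
WINDOW_SECONDS = 3600     # assumption: sliding window for the non-id keys

# One attempt log instead of a counter table; counters are derived by query.
SCHEMA = """
CREATE TABLE accounts (
    id TEXT PRIMARY KEY, fname TEXT, lname TEXT, dob TEXT);
CREATE TABLE validation_attempts (
    attempt_id    INTEGER PRIMARY KEY AUTOINCREMENT,
    ts            INTEGER NOT NULL,
    claimed_id    TEXT NOT NULL,
    identity_hash TEXT NOT NULL,
    source_ip     TEXT NOT NULL,
    success       INTEGER NOT NULL);
CREATE INDEX ix_attempts_id  ON validation_attempts(claimed_id);
CREATE INDEX ix_attempts_idh ON validation_attempts(identity_hash);
CREATE INDEX ix_attempts_ip  ON validation_attempts(source_ip);
"""

COUNTED_COLUMNS = {"claimed_id", "identity_hash", "source_ip"}


def identity_hash(fname, lname, dob):
    """Canonicalise and hash the name+DOB tuple so the log stores no guessed PII in clear."""
    canon = "|".join(s.strip().lower() for s in (fname, lname, dob))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # constructed sample account, using the id/name/DOB from the post's example
    conn.execute("INSERT INTO accounts VALUES (?, ?, ?, ?)",
                 ("1234", "john", "doe", "19900101"))
    return conn


def failures(conn, column, value, since):
    """Number of failed attempts for one key since `since` (epoch seconds)."""
    if column not in COUNTED_COLUMNS:          # column name is never user input
        raise ValueError(column)
    sql = ("SELECT COUNT(*) FROM validation_attempts "
           f"WHERE {column} = ? AND success = 0 AND ts >= ?")
    return conn.execute(sql, (value, since)).fetchone()[0]


def locked_keys(conn, claimed_id, fname, lname, dob, source_ip, now):
    """Return the keys that are over the limit; an empty list means the attempt may proceed."""
    checks = [
        ("claimed_id", claimed_id, 0),                   # per id: permanent, as in the post
        ("identity_hash", identity_hash(fname, lname, dob),
         now - WINDOW_SECONDS),                          # same name+DOB tried against many ids
        ("source_ip", source_ip, now - WINDOW_SECONDS),  # one client hammering many ids
    ]
    return [col for col, val, since in checks
            if failures(conn, col, val, since) >= MAX_ATTEMPTS]


def log_attempt(conn, now, claimed_id, idh, source_ip, success):
    conn.execute(
        "INSERT INTO validation_attempts (ts, claimed_id, identity_hash, source_ip, success) "
        "VALUES (?, ?, ?, ?, ?)", (now, claimed_id, idh, source_ip, int(success)))


def validate(conn, claimed_id, fname, lname, dob, source_ip, now):
    """One self-registration attempt. Returns "locked", "ok" or "mismatch".
    "mismatch" covers both an unknown id and wrong details, so the response
    does not reveal whether an id exists."""
    idh = identity_hash(fname, lname, dob)
    if locked_keys(conn, claimed_id, fname, lname, dob, source_ip, now):
        log_attempt(conn, now, claimed_id, idh, source_ip, success=False)  # keep the audit trail
        return "locked"
    row = conn.execute("SELECT fname, lname, dob FROM accounts WHERE id = ?",
                       (claimed_id,)).fetchone()
    ok = row is not None and identity_hash(*row) == idh
    log_attempt(conn, now, claimed_id, idh, source_ip, success=ok)
    return "ok" if ok else "mismatch"


def simulate_id_guessing():
    """The scenario from the post: fixed name+DOB, rotating ids, then the genuine user."""
    conn = open_db()
    results = [validate(conn, str(1000 + i), "jane", "doe", "19900101",
                        "203.0.113.5", 1000 + i) for i in range(7)]
    # the genuine user, from another client, is not affected by the attacker's lock
    results.append(validate(conn, "1234", "John", "Doe", "19900101", "198.51.100.9", 2000))
    return results


if __name__ == "__main__":
    print(simulate_id_guessing())
```

The trade-off to keep in mind is that the identity-hash key locks a name+DOB combination rather than an account, so if an attacker has the genuine user's name and DOB, that user is also held back for the window; the per-id lock stays permanent as in the post, while the other two keys expire, which is why every attempt (including those refused while locked) is still written to the log for later review.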
