Your 7knots password is lower-cased, then coded by UNIX encrypt(). Once that's done,
there are very few experts in the world who can read it back. After Feb 1, 2003, we save
your real readable password somewhere else for the password reminder service.
When a visitor surfs around 7k and hits a protected link, e.g. "edit" or "add",
or wants to see your protected email address, the Apache httpd sends a request to
the local browser for authentication. A small window pops up asking for her/his
user name and password. 7k uses your FULL email address as the username.
Don't just enter the first part of your email and get frustrated. Why don't we do what
eBay or Yahoo do and let users choose their own usernames?! Well, if I sign up on eBay or
Yahoo today, my usual username "tomyang" has long been taken. I have to settle for
something like "tomyang975" or "1962tomyang-2". I think I can remember my email address
better than the "tomyang975" thing.
Anyway, after s/he enters the full email address and password, Apache grabs it and asks
MySQL to query his/her (email, password) in the database. Email is not case sensitive,
but password is. If they match, Apache lets him/her in and proceeds to the "edit" or "add"
script. At the same time, the underlying Perl script gets all his/her information from
Apache for future use. For example, if s/he wants to add a boat, once s/he logs in,
the boat form pops up with all the default values already filled in. Your name, address,
website, ... are all there pre-filled. They come from the authentication process.
How often do you have to do the authentication, though? The current setup is as long as
your browser session lives. Apache writes cookie files in your local browser, so the
next time you hit a secured area, it knows you're already checked in and won't bother
you again. But, say, you edited your sailor profile and changed your password, and
now you want to post a forum reply. Bang, the little window pops up again for the password.
If you leave your Internet Explorer on all the time, you don't have to do the authentication
again unless you close the browser and relaunch IE. Is this dangerous? Yes! If
you leave the internet cafe without totally closing IE (or Netscape, Mozilla, etc.), the
next user can sit down and start to edit or delete your data without any password.
All we can do is shorten the cookie expiration time, but again, there's no way for 7k
to know who is sitting in front of the keyboard now.
What if you forgot your password?
Click on "Forgot Password?" in the homepage area. When a small form pops up,
enter your email address twice and we'll send the password to that address. Most
people today have many email addresses. They not only forget their 7k password,
they don't even know what email address they use at 7k. If you enter a new
email address and request your password, we can't find it in the database.
Help yourself and search for the email you use under the "Sailor" section. Do you remember
your name? Location? You can quickly find it and click on your email... (If you protect
your email from the general public, you're dead. Cuz you're the general public now.)
If you signed up before Jan 31, 2003, for security considerations, we didn't save your password
in readable form. You can send an empty (nobody reads it) email to "email@example.com" to
reset the password. The system scans pwreset's messages every 10 min. Once it sees your empty
letter, it'll verify that it comes from an address that is indeed in the database. It'll then reset
the password to a new one and send it to you right away.
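
The reset scan described above, sketched as an added example (this is not 7k's own script). The function name, the set_password and send_mail callbacks, the 12-character length and the sample messages are all assumptions made for illustration; mailing the new password only to the address on file is also an assumption about how "send it to you" is done.

```python
import secrets
import string
from email import message_from_string
from email.utils import parseaddr

# Assumption: new passwords use lower-case letters and digits, since the page
# says passwords are lower-cased before they are stored.
ALPHABET = string.ascii_lowercase + string.digits

def process_reset_mailbox(raw_messages, known_emails, set_password, send_mail):
    """One scan of the reset mailbox. Returns the stored addresses that were reset."""
    lookup = {e.lower(): e for e in known_emails}  # email is not case sensitive
    done = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        # Body and Reply-To are ignored; only the From address is looked up.
        _, addr = parseaddr(msg.get("From", ""))
        stored = lookup.get(addr.strip().lower())
        if stored is None or stored in done:
            continue  # unknown sender, or already reset during this scan
        new_pw = "".join(secrets.choice(ALPHABET) for _ in range(12))
        set_password(stored, new_pw)
        # From is sender-controlled, so the new password goes only to the
        # address on file, never to an address taken from the message.
        send_mail(stored, new_pw)
        done.append(stored)
    return done

# Constructed sample data (not from the site).
KNOWN = ["skipper@example.org", "crew@example.net"]
MAILBOX = [
    "From: Skipper <SKIPPER@Example.org>\nSubject:\n\n",
    "From: stranger@example.com\nSubject: reset\n\n",
    "From: crew@example.net\nReply-To: other@example.com\n\n",
    "From: skipper@example.org\n\n",
]

def demo():
    db, outbox = {}, []
    reset = process_reset_mailbox(MAILBOX, KNOWN, db.__setitem__,
                                  lambda to, pw: outbox.append((to, pw)))
    return reset, db, outbox

if __name__ == "__main__":
    reset, _, outbox = demo()
    print("reset:", reset, "mailed to:", [to for to, _ in outbox])
```

Because anyone can put a member's address in From, a scan like this lets a third party force a reset, but the new password still reaches only the member's own mailbox.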