| Sending user passwords in the clear |
[eluser]Thorpe Obazee[/eluser]
[quote author="Dregond Rahl" date="1242634729"]i think the better way would be to add a token to the database for lost passwords, when a user requests it, its added, and say something like this is sent to the email in the DB Lost your password? okie fine fine, go here : http://domain.com/lostpassword/E6hD5Km9 (randomly generated string) that page has a new password and confirm password field.[/quote] but doesn't that present a security issue, someone could manually type in (guess) generated strings? |
| Messages In This Thread |
|
Sending user passwords in the clear - by El Forum - 05-17-2009, 05:47 PM
Sending user passwords in the clear - by El Forum - 05-17-2009, 06:29 PM
Sending user passwords in the clear - by El Forum - 05-17-2009, 06:47 PM
Sending user passwords in the clear - by El Forum - 05-17-2009, 09:18 PM
Sending user passwords in the clear - by El Forum - 05-17-2009, 09:23 PM
Sending user passwords in the clear - by El Forum - 05-17-2009, 09:35 PM
Sending user passwords in the clear - by El Forum - 05-17-2009, 09:47 PM
Sending user passwords in the clear - by El Forum - 05-17-2009, 10:21 PM
Sending user passwords in the clear - by El Forum - 05-17-2009, 10:27 PM
Sending user passwords in the clear - by El Forum - 05-17-2009, 10:31 PM
Sending user passwords in the clear - by El Forum - 05-17-2009, 10:36 PM
Sending user passwords in the clear - by El Forum - 05-17-2009, 10:41 PM
Sending user passwords in the clear - by El Forum - 05-17-2009, 10:51 PM
Sending user passwords in the clear - by El Forum - 05-18-2009, 11:24 AM
Sending user passwords in the clear - by El Forum - 05-18-2009, 12:21 PM
Sending user passwords in the clear - by El Forum - 05-18-2009, 03:38 PM
Sending user passwords in the clear - by El Forum - 06-07-2009, 08:54 PM
Sending user passwords in the clear - by El Forum - 06-07-2009, 09:20 PM
|
