Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??

I understand the point you're making, but there is a problem that is difficult to circumvent here. First, we like to give people the ability to receive an email reminder when they forget their account password. Second, we like to let people update their info when they change email accounts.

How do we go about satisfying both criteria, while making it impossible, for someone who has gained unauthorized access to a PM account, to update the email address and password? We can strengthen password security by forcing password aging, trickier passwords, and other such strategies (each of which make the site more difficult to use, and introduce the potential for increased user error), but ultimately, if we want to let people update their own user info, I don't see how we could prevent anyone who gains access to the account from doing the same.

Hiding email info from a user won't prevent that user from updating his email address. And if he can update his email address, so can anyone else who knows his password.

Protect your passwords, and if you should happen to believe your account has been comprimised, pray to the gods that they might help you get it sorted out. At least we have some nice people here who may help out.


Dave


In reply to Re: Email security for monks? by davido
in thread Email security for monks? by DigitalKitty

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others lurking in the Monastery: (5)
As of 2024-03-29 13:35 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found