PerlMonks
I understand the point you're making, but there is a problem that is difficult to circumvent here. First, we like to give people the ability to receive an email reminder when they forget their account password. Second, we like to let people update their info when they change email accounts.

How do we go about satisfying both criteria, while making it impossible, for someone who has gained unauthorized access to a PM account, to update the email address and password?

We can strengthen password security by forcing password aging, trickier passwords, and other such strategies (each of which makes the site more difficult to use, and introduces the potential for increased user error), but ultimately, if we want to let people update their own user info, I don't see how we could prevent anyone who gains access to the account from doing the same.

Hiding email info from a user won't prevent that user from updating his email address. And if he can update his email address, so can anyone else who knows his password.

Protect your passwords, and if you should happen to believe your account has been compromised, pray to the gods that they might help you get it sorted out. At least we have some nice people here who may help out.

Dave

In reply to Re: Email security for monks?
by davido