Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number

Re^4: It's been ten years ...

by tinita (Parson)
on Jul 30, 2019 at 09:26 UTC ( #11103614=note: print w/replies, xml ) Need Help??

in reply to Re^3: It's been ten years ...
in thread It's been ten years ...

Yes, of course. You can improve easily by creating a fresh random password and mailing that to the user, and then store it encrypted.
No, please no!

(I know many websites do this.)
So everone claiming "I am user X and I forgot my password" can now reset my password, and I am locked out and have to check my email.

The minimum password procedure should be: store an intermediate token, send the user a link with that token and then let them enter their new password. And that means, we need a new endpoint *and* a new database table probably. So it's not that trivial.

Replies are listed 'Best First'.
Re^5: It's been ten years ...
by LanX (Sage) on Jul 30, 2019 at 12:18 UTC
    I didn't use a token but a one way URL which is timing out after an hour.

    Needed two extra tables IIRC...

    To be able to integrate this here one would need godly powers or an offline development environment.

    Cheers Rolf
    (addicted to the Perl Programming Language :)
    Wikisyntax for the Monastery FootballPerl is like chess, only without the dice

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11103614]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (1)
As of 2021-09-19 03:02 GMT
Find Nodes?
    Voting Booth?

    No recent polls found