Re: Forgotten password



On 29 Dec, 13:50, Anthony Levensalor <anth...@xxxxxxxxxxxxxxxxxxx>
wrote:
rf said:

"twomt" <no-re...@xxxxxxxxxxxxxx> wrote in message
news:fl5ea5$d1u$1@xxxxxxxxxxx
Hello,

are there any tutorials/guides out there that explain how to handle this
subject?

I was thinking of having a member enter his username and email, after
which I then email him a new password.

To where would you email him the new password? What if I enter my email
address, do you email his new password to me?

--
Richard.

No, that would be stupid. If someone has a password with me, as in an
account at one of my sites, I already have their email in a database. I
mail the new password to that address, and done is done.

~A!

--
Anthony Levensalor
anth...@xxxxxxxxxxxxxxxxxxx

Only two things are infinite, the universe and human stupidity,
and I'm not sure about the former. - Albert Einstein

1) that's inflexible - you are expecting the user to know 2 out of
three facts
2) it provides a way for a third party to carry out a denial of
service attack against your users.

If you look at existing systems, the more sensible ones send out a URL
with a single-use visa in the query part, allowing the user to
access the site without presenting their login credentials.

C.
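
The single-use URL scheme described in the last post, as an added example that is not part of the original thread. `ResetStore`, `TOKEN_TTL`, the one-hour lifetime and the `example.org` host are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 3600  # assumed lifetime in seconds; the thread does not give one


class ResetStore:
    """In-memory stand-in for the user and reset-token tables (hypothetical)."""

    def __init__(self, users):
        self.users = users   # username -> email address already on file
        self.tokens = {}     # sha256(token) -> (username, expires_at)

    def request_reset(self, username, now=None):
        """Return (email, url) to send, or None for an unknown user.

        The existing password is never changed here, so a third party who
        requests a reset for someone else cannot lock that user out.
        """
        now = time.time() if now is None else now
        email = self.users.get(username)
        if email is None:
            return None  # caller shows the same "check your mail" page either way
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Only the hash is stored: a leaked table yields no usable links.
        self.tokens[digest] = (username, now + TOKEN_TTL)
        # Mail goes to the address on file, never to one typed into the form.
        return email, "https://example.org/reset?t=" + token

    def redeem(self, token, now=None):
        """Return the username the token admits, or None if it is invalid."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.tokens.pop(digest, None)  # pop() makes the token single use
        if entry is None:
            return None
        username, expires_at = entry
        if now > expires_at:
            return None  # expired; it was already removed by pop()
        return username  # caller now lets this user choose a new password
```
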