Re: Forgotten password



C. (http://symcbean.blogspot.com/) wrote:
On 29 Dec, 13:50, Anthony Levensalor <anth...@xxxxxxxxxxxxxxxxxxx>
wrote:
rf said:

"twomt" <no-re...@xxxxxxxxxxxxxx> wrote in message
news:fl5ea5$d1u$1@xxxxxxxxxxx
Hello,
are there any tutorials/guides out there that explain how to handle this
subject?
I was thinking of having a member enter his username and email, after
which I then email him a new password.
To where would you email him the new password? What if I enter my email
address, do you email his new password to me?
--
Richard.
No, that would be stupid. If someone has a password with me, as in an
account at one of my sites, I already have their email in a database. I
mail the new password to that address, and done is done.

~A!

--
Anthony Levensalor
anth...@xxxxxxxxxxxxxxxxxxx

Only two things are infinite, the universe and human stupidity,
and I'm not sure about the former. - Albert Einstein

1) that's inflexible - you are expecting the user to know 2 out of
three facts

Which is why I only require the user id.

2) it provides a way for a third party to carry out a denial of
service attack against your users.


Not at all. At most the user will get one email per day. The system won't send it more often than that.

If you look at existing systems the more sensible ones send out a URL
with a single use visa in the query part allowing the user to
access the site without presenting their login credentials.

C.


True. But just sending the password once works, also. Not as secure, but often times it's secure enough.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
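
The flow discussed in this thread (mail goes only to the address already on file, at most one email per day, and a single-use link rather than a new password), as an added example that is not code from any poster. The class name, the one-hour link lifetime, the reply text and the example.invalid URL are assumptions.

```python
import hashlib
import secrets
import time

DAY = 24 * 3600     # at most one reset email per account per day (figure from the thread)
TOKEN_TTL = 3600    # assumed lifetime of a reset link: one hour


class ResetService:
    def __init__(self, emails_on_file):
        self.emails = dict(emails_on_file)  # user id -> address stored at signup
        self.last_sent = {}                 # user id -> time of last reset email
        self.tokens = {}                    # sha256(token) -> (user id, expiry)
        self.outbox = []                    # stand-in for the real mail system

    def request_reset(self, user_id, now=None):
        """Return the same reply in every case, so the form does not reveal
        whether the user id exists or whether the daily limit was hit."""
        now = time.time() if now is None else now
        reply = "If that account exists, a reset link has been sent."
        address = self.emails.get(user_id)  # never an address typed into the form
        if address is None:
            return reply
        if now - self.last_sent.get(user_id, float("-inf")) < DAY:
            return reply                    # rate limit: no second mail today
        token = secrets.token_urlsafe(32)   # unguessable, from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        # A new link replaces any older outstanding link for this user.
        self.tokens = {d: v for d, v in self.tokens.items() if v[0] != user_id}
        self.tokens[digest] = (user_id, now + TOKEN_TTL)  # store only the hash
        self.last_sent[user_id] = now
        self.outbox.append((address, f"https://example.invalid/reset?token={token}"))
        return reply

    def redeem(self, token, now=None):
        """Return the user id for a valid link, or None. A link works once."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.tokens.pop(digest, None)  # pop: removed on first use
        if entry is None or now > entry[1]:
            return None
        return entry[0]
```

The account's existing password stays valid until the link is redeemed, so an unsolicited request costs the account owner one email and nothing else.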
