Subject:
|
Re: Problem with Password page?
|
Newsgroups:
|
lugnet.admin.general
|
Date:
|
Fri, 11 Apr 2003 13:55:16 GMT
|
Viewed:
|
547 times
|
| |
| |
In lugnet.admin.general, David Koudys writes:
> Is there also a way there can be a "forgot password" option?
I think I have an idea how we can automate this: you fill out a
forgotten-password form, and the server sends a confirmation e-mail to you
containing a special URL which would be valid for a day or so, after which
it would expire. You click on that URL, and from there you can reset your
password and change it to something else.
Does that sound good? It would be just (almost) like the way the
news-posting authentication e-mails work.
I -might- be able to squeeze this in this weekend but probably won't be able
to do it not until after I get back from Portland / San Francisco.
--Todd
p.s. Note that the server cannot tell you your password because it doesn't
know it; this is an internal privacy and security precaution used by
virtually all computer systems. Instead of storing a raw password, it is
passed through a one-way encryption hash before being stored. Thus to
compare x against y, it actually compares h(x) against h(y). The hash
function h(x) is chosen to be cryptographically strong, and passwords x,y
are chosen to be extremely difficult to guess.
|
|
Message has 1 Reply: | | Re: Problem with Password page?
|
| (...) Sounds good. Thanks for the efforts, Todd. I don't like writing down passwords but when you don't have to remember them for, like, a few years, you tend to forget them. Willing to test your implementation once you get it done (no rush--e-mail (...) (22 years ago, 11-Apr-03, to lugnet.admin.general)
|
Message is in Reply To:
8 Messages in This Thread:
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|