To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.generalOpen lugnet.admin.general in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / General / 10907
10906  |  10908
Subject: 
 Re: Problem with Password page?
Newsgroups: 
 lugnet.admin.general
Date: 
 Fri, 11 Apr 2003 14:28:30 GMT
Viewed: 
 295 times
  
In lugnet.admin.general, Todd Lehman writes:
In lugnet.admin.general, David Koudys writes:
Is there also a way there can be a "forgot password" option?

I think I have an idea how we can automate this:  you fill out a
forgotten-password form, and the server sends a confirmation e-mail to you
containing a special URL which would be valid for a day or so, after which
it would expire.  You click on that URL, and from there you can reset your
password and change it to something else.

Does that sound good?  It would be just (almost) like the way the
news-posting authentication e-mails work.

I -might- be able to squeeze this in this weekend but probably won't be able
to do it not until after I get back from Portland / San Francisco.

--Todd

p.s.  Note that the server cannot tell you your password because it doesn't
know it; this is an internal privacy and security precaution used by
virtually all computer systems.  Instead of storing a raw password, it is
passed through a one-way encryption hash before being stored.  Thus to
compare x against y, it actually compares h(x) against h(y).  The hash
function h(x) is chosen to be cryptographically strong, and passwords x,y
are chosen to be extremely difficult to guess.

Sounds good.

Thanks for the efforts, Todd.  I don't like writing down passwords but when
you don't have to remember them for, like, a few years, you tend to forget them.

Willing to test your implementation once you get it done (no rush--e-mail
authentication for posting is working well...)

Take care,

Dave K



Message has 1 Reply:
  Re: Problem with Password page?
 
any advance on this, I've forgotten mine too, luckily I've set it to leave me logged in, but I'll be stumped if this PC gives up the ghost. (22 years ago, 17-May-03, to lugnet.admin.general)

Message is in Reply To:
  Re: Problem with Password page?
 
(...) I think I have an idea how we can automate this: you fill out a forgotten-password form, and the server sends a confirmation e-mail to you containing a special URL which would be valid for a day or so, after which it would expire. You click on (...) (22 years ago, 11-Apr-03, to lugnet.admin.general)

8 Messages in This Thread:


Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR