To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.generalOpen lugnet.admin.general in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / General / 7207
7206  |  7208
Subject: 
 Re: Getting a password reset?
Newsgroups: 
 lugnet.admin.general
Date: 
 Fri, 21 Jul 2000 15:30:12 GMT
Viewed: 
 173 times
  
In lugnet.admin.general, Geoffrey Hyde writes:
Sounds like maybe you should automate it, and have a script-driven requester
that takes the address of the user and then automatically sends the password
to the registered address of the person.  The same way a lot of websites
handle forgotten passwords ...

There are, I think, two gotchas with this plan

1. There isn't really a concept of a "registered" email address, per se, that
is associated with a user. A user can have multiple addresses. For instance, I
have 3 listed on my member page: http://www.lugnet.com/people/members/?m=5
and I have a number of different cookies in force on various machines as well.

2. While e mailing your password to you in cleartext is good enough for
ecommerce sites, and even banks and credit card companies, it's not secure
enough to conform to the security standards in place here at Lugnet(tm). At
least not as I understand them. Todd has expounded on why that is. You may not
agree with the reasoning but it's his site and security is more important to
him than convenience. At least that's my read.

++Lar



Message has 1 Reply:
  Re: Getting a password reset?
 
Larry Pieniazek <lpieniazek@mercator.com> wrote in article <Fy20EC.6GJ@lugnet.com>... (...) requester (...) password (...) that (...) instance, I (...) (URL) and I have a number of different cookies in force on various machines as well. But if I (...) (24 years ago, 23-Jul-00, to lugnet.admin.general)

Message is in Reply To:
  Re: Getting a password reset?
 
Sounds like maybe you should automate it, and have a script-driven requester that takes the address of the user and then automatically sends the password to the registered address of the person. The same way a lot of websites handle forgotten (...) (24 years ago, 21-Jul-00, to lugnet.admin.general)

19 Messages in This Thread:







Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR