[PATCH] secure password reset implementation
Mads Kiilerich
mads at kiilerich.com
Thu Jul 23 13:53:34 UTC 2015
On 07/19/2015 03:35 PM, Andrew Shadura wrote:
> # HG changeset patch
> # User Andrew Shadura <andrew at shadura.me>
> # Date 1431821238 -7200
> # Sun May 17 02:07:18 2015 +0200
> # Node ID 98cb64feddfb89f106f66763462061fd2ca3f412
> # Parent f103b1a2383bc4fba5d28f9732ba832025e3bf00
> secure password reset implementation
A couple of other things:
It should make sure it doesn't go too far with changing passwords when
using external authentication (but also not reveal too much information
too early). (I guess it would be nice if each authentication module had
a customizable "tell the user how to change the password" string...)
The user is redirected to a " Code you received in the email" page ...
but the mail only contains a URL - no mentioning of any code.
/Mads
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sfconservancy.org/pipermail/kallithea-general/attachments/20150723/acae24e2/attachment.html>
More information about the kallithea-general
mailing list