[PATCH] secure password reset implementation
Andrew Shadura
andrew at shadura.me
Sun Jul 26 19:11:25 UTC 2015
On 26/07/15 20:58, Andrew Shadura wrote:
>> It should make sure it doesn't go too far with changing passwords when
>> > using external authentication (but also not reveal too much information
>> > too early). (I guess it would be nice if each authentication module had
>> > a customizable "tell the user how to change the password" string...)
> Right, I have to fix this.
Or, actually, I don't need to fix it yet, as it does no harm at all for
external users (it doesn't matter what we have in the database for them).
--
Cheers,
Andrew
More information about the kallithea-general
mailing list