Go to the FreeLists Home Page Home Signup Help Login 		 



[dokuwiki] || [Date Prev] [02-2006 Date Index] [Date Next] || [Thread Prev] [02-2006 Thread Index] [Thread Next]

[dokuwiki] Re: resend password

  • From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Thu, 02 Feb 2006 09:15:17 +0100
Guy Brand writes:

On 29 January at 14:18, Andreas Gohr wrote:

While updating wiki.splitbrain.org I came across the resend password
function and had a closer look at it. As far as I can remember we had a
discussion about this feature last year and agreed that it's current
state is a security problem (or at least an annoyance) because anyone
can just change the password of any user.


  If it's named "resendpw" it should resend the password to the
  registered mail address of the user, not change it.

Good point. So the naming is wrong, too. Resending the original password is not possible because it is stored encrypted.

Andi

--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist




[ Home | Signup | Help | Login | Archives | Lists ]

All trademarks and copyrights within the FreeLists archives are owned by their respective owners.
Everything else ©2007 Avenir Technologies, LLC.