On 11/11/05, Chris Smith <chris@xxxxxxxxxxxxx> wrote: > Jeremy wrote: > > On 11/11/05, Chris Smith <chris@xxxxxxxxxxxxx> wrote: > > > >> What is your (anyone's) > >> suggestion to make this less open to abuse? > >> > > well, they should know their full name or email address. once of the two. > > > I don't think they make a huge difference. If you use a normal dokuwiki > signature and sign your contributions with it, your full name and > registered email address will be publicly available. Right, but only a registered user who posts would see that.. so unless you knew the old password and could make a post to see the full name and address, you might not know what those values are. If i don't know your password then i can't make a post as you to find out your email address. But, right now I can change your password and then figure it out. If, in order to change the password, i had to know the email address, then I would be out of luck. Or, instead of having it changed on the fly, have the user enter the username AND the email address and if they match then it would send them a new random password, then they could log in and change it. Instead of doing it at the login page. -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist