Follow-up Comment #3, sr #107281 (project administration):

I'm reimplementing this particular function (user e-mail change verification)
in the next Savane.

Wrt predictable identifiers, what about storing 2 random numbers in the DB,
one for confirmation and one for cancellation?

Other code tends to use MD5 and combine user information such as username,
etc., but I fail to see the increased security compared to a good old, plain
64-bit random number.


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?107281>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
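
The two-token scheme proposed in the comment above, as an added example that is not part of the original message or of Savane's code. The in-memory dict standing in for the DB table and the function names `request_email_change` and `resolve` are assumptions made for illustration; the 64-bit token size is the one the comment mentions.

```python
import hmac
import secrets

TOKEN_BITS = 64  # token size mentioned in the comment

# Assumption: a dict stands in for the DB table of pending e-mail changes.
_pending = {}


def _new_token():
    # Drawn from the OS CSPRNG and hex-encoded; derived from no user attribute,
    # so knowing the username or address gives no help in guessing it.
    return secrets.token_hex(TOKEN_BITS // 8)


def request_email_change(user, new_email):
    """Record a pending change with two independent tokens."""
    confirm, cancel = _new_token(), _new_token()
    _pending[user] = {"new_email": new_email, "confirm": confirm, "cancel": cancel}
    return confirm, cancel  # the caller mails these out as links


def resolve(user, token, emails):
    """Return 'confirmed', 'cancelled' or 'rejected' for a presented token."""
    rec = _pending.get(user)
    if rec is None or not isinstance(token, str):
        return "rejected"
    presented = token.encode()
    # Constant-time comparison against both stored values, always evaluated,
    # so response timing does not reveal which token (if any) was close.
    is_confirm = hmac.compare_digest(presented, rec["confirm"].encode())
    is_cancel = hmac.compare_digest(presented, rec["cancel"].encode())
    if not (is_confirm or is_cancel):
        return "rejected"  # the pending record stays untouched
    del _pending[user]  # single use: either token retires both
    if is_confirm:
        emails[user] = rec["new_email"]
        return "confirmed"
    return "cancelled"
```
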

