On 10/9/07, James Bennett <[EMAIL PROTECTED]> wrote:
>
> On 10/8/07, Marty Alchin <[EMAIL PROTECTED]> wrote:
> > His point is that anyone could trigger that email. And, while you're
> > right that only the true user would receive the email, the target
> > user's password will get reset regardless.
On 10/9/07, Bill Fenner <[EMAIL PROTECTED]> wrote:
> The alternative is to exchange a handshake before changing the
> password. Don't jump immediately to "must store plain text
> passwords".
OK, so when you demonstrate to me that this is a significant and
widespread enough problem to justify comp
On 10/9/07, James Bennett <[EMAIL PROTECTED]> wrote:
> Plus, the alternative is to either store plaintext passwords or provide
> a way to recover plaintext passwords, both of which are not going to
> happen in any way, shape or form, because they *do* present extremely
> serious security problems.
On 10/8/07, Marty Alchin <[EMAIL PROTECTED]> wrote:
> His point is that anyone could trigger that email. And, while you're
> right that only the true user would receive the email, the target
> user's password will get reset regardless. So, if I didn't like you, I
> could put in your email address,
On Oct 9, 12:15 am, "Marty Alchin" <[EMAIL PROTECTED]> wrote:
> On 10/8/07, James Bennett <[EMAIL PROTECTED]> wrote:
>
> > On 10/8/07, Bill Fenner <[EMAIL PROTECTED]> wrote:
> > > Which is an excellent way to partially lock someone out of the site,
> > > by preemptively changing their password (and
On 10/8/07, James Bennett <[EMAIL PROTECTED]> wrote:
> On 10/8/07, Bill Fenner <[EMAIL PROTECTED]> wrote:
> > Which is an excellent way to partially lock someone out of the site,
> > by preemptively changing their password (and emailing them the new
> > one). This operation should really email a c
On 10/8/07, Bill Fenner <[EMAIL PROTECTED]> wrote:
> Which is an excellent way to partially lock someone out of the site,
> by preemptively changing their password (and emailing them the new
> one). This operation should really email a challenge URL which, if
> visited, leads to a "set new passwor
On 10/8/07, James Bennett <[EMAIL PROTECTED]> wrote:
> In the default setup, the URL /accounts/password/reset/ will, provided
> the user inputs their email address correctly, send out a new
> password.
Which is an excellent way to partially lock someone out of the site,
by preemptively changing
On 10/8/07, onno <[EMAIL PROTECTED]> wrote:
> My application lets users register. I'm using James Bennett's
> registration module.
> But I wonder how to make a lost password page for a user that forgot
> their password? Which module do I use for that?
In the default setup, the URL /accounts/password/
On Mon, 2007-10-08 at 13:30 -0700, onno wrote:
> My application lets users register. I'm using James Bennett's
> registration module.
> But I wonder how to make a lost password page for a user that forgot
> their password? Which module do I use for that?
Django doesn't store the user's password anywh