On Sun, Jul 26, 2009 at 5:23 PM, Sebastian E. Ovide < sebastianov...@gmail.com> wrote:
> personally I prefer the method adopted by most of the websites... they > send you a link valid for x minutes that you can use to reset your password. > > I find very annoying that anybody can reset my password ! Good point.... another option would be to do what banks / credit card companies do: save some set of challenge questions before allowing password reset. > > > On Sun, Jul 26, 2009 at 10:05 PM, Yarko Tymciurak <yark...@gmail.com>wrote: > >> This is a design topic - I think what you expect and what others would >> expect for this will vary. >> >> I think this could be less secure (what if someone asks for a password >> reset because someone saw their password, and reset to their own?). >> >> In any case, if you want to only enable a new password after the >> validation, you would need to store it, and extend the Auth class, and >> modify change_password accordingly. >> >> >> >> On Sun, Jul 26, 2009 at 3:15 PM, Sebastian E. Ovide < >> sebastianov...@gmail.com> wrote: >> >>> Hi All, >>> >>> retrieving a new password, if the SMTP is down, I am getting (correctly) >>> an flash saying "unable to send mail". At this point, as the email could not >>> been sent, I would expect having the same password... but web2py is still >>> assigning a new password... >>> >>> is it a bug or is working as designed ? >>> >>> thanks >>> >>> -- >>> >>> Sebastian E. Ovide >>> >>> >>> >>> >>> >>> >> >> >> > > > -- > > Sebastian E. Ovide > > skype: seezov > > +353 87 6340149 > > Sent from Dublin, Ireland > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
