Off TopicAre you a QOTWer? Do you want to start a thread that isn't a direct answer to the current QOTW? Then this place, gentle poster, is your friend.
(
rob, Sun 1 Apr 2001, 1:00)
« Go Back | See The Full Thread
Gonzif you know someone's username for fucking ANYTHING you can reset their password. It sends a new password to their email address.
a) How are you going to make that any more secure without then ending up with a system where someone who legitimately forgets their password then can't reset it and
b) Why on earth would you want to reset someone else's password? It's the most pointless thing to do for absolutely no gain at all.
(
the mighty badger Aphrodite, on a bar stool, by your side, Wed 23 Nov 2011, 14:33,
1 reply,
14 years ago)
No, that's not true. It should send a link to their email address that they can click on and _then_ let them type in a password to reset that doesn't get sent to their email address.Nobody without access should ever be able to change a single detail in a user's database. Nothing at all.
(
G/PP 💩💩💩💩💩€, Wed 23 Nov 2011, 14:40,
Reply)
That link creates a hash that is only valid for a few hours at most and expires on first use.(
G/PP 💩💩💩💩💩€, Wed 23 Nov 2011, 14:42,
Reply)
« Go Back | See The Full Thread