
Hi Jorge,

On Tue, Jul 29, 2003 at 04:49:53PM -0300, Jorge wrote:
> The password recovery interface over www works fine, but I don't like something.
>
> 1- The mail it sends doesn't include the IP from where the request was made or all the headers for the request.
> 2- The request changes the password immediately; anyone can change the password for anyone else at any time.
>
> I suggest a different approach: use the mail as an option to confirm the password change with a time limit, but do not make the change until confirmation, something similar to Bugzilla or other interfaces.

That's a good idea. :) I added it to the TODO list. Thanks Jorge!

> Jorge.

Martin

--
Martin Edenhofer - <martin at edenhofer.de> - http://martin.edenhofer.de/
--
nohl: 8:33am up 169 days, 18:00, 6 users, load average: 0.11, 0.11, 0.09
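
The confirm-before-change flow proposed in this thread, sketched as an added example that is not part of the original messages or the project's code. The class name, the one-hour limit, the in-memory stores and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed time limit in seconds; the thread names no value


class ResetFlow:
    """Password recovery that changes nothing until the mailed token comes back."""

    def __init__(self, passwords):
        self.passwords = passwords  # login -> password (stand-in; a real store keeps a hash)
        self.pending = {}           # login -> (sha256 of token, expiry time)

    def request(self, login, remote_ip, now=None):
        """Record a pending reset and build the mail; the password is untouched."""
        now = time.time() if now is None else now
        if login not in self.passwords:
            return None, None       # caller shows the same page either way
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[login] = (digest, now + TOKEN_TTL)  # replaces any older request
        mail = (f"A password change for '{login}' was requested from {remote_ip}.\n"
                f"To confirm within {TOKEN_TTL // 60} minutes, use this token: {token}\n"
                "If you did not ask for this, ignore this mail; nothing was changed.")
        return token, mail

    def confirm(self, login, token, new_password, now=None):
        """Apply the change only for a matching, unexpired, unused token."""
        now = time.time() if now is None else now
        entry = self.pending.get(login)
        if entry is None:
            return False
        digest, expires = entry
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, supplied):
            return False
        del self.pending[login]     # single use; also discards an expired token
        if now > expires:
            return False
        self.passwords[login] = new_password
        return True
```

Only a hash of the token is kept server-side, so a leaked pending-reset table does not hand out usable confirmation tokens.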