29 Jul
2003
29 Jul
'03
7:49 p.m.
Hi. The password recovery interface over www works fine, but i don´t like something. 1-The mail it send don´t include the IP from where the request was done or all the headers for the request. 2-The request change the password inmediatly, anyone can change the password for any other at any time. I suggest to do a different aproach and use the mail as an option to confirm the password change with a time limit, but not to do the change until confirmation , something similar to bugzilla or others interfaces. Jorge.