[TYPO3-project-4-3] t3sec_saltedpw as sysext?
Michael Stucki
michael at typo3.org
Sat Apr 25 11:43:44 CEST 2009
Hi Xavier,
>> You should forget about this feature. It was there in TYPO3 for some
>> reason, but there is no other system I know of that sends you the
>> current password when you forgot it. Usually, the password is changed
>> to a random new one, and this will work fine with both authentication
>> systems.
>
> Actually this is not a good solution. Imagine I go to typo3.org and
> chooses to reset *your* password. Of course this will not gain me access
> to your account but this will ennoy you. I may even write a small bot
> that does this for a few TYPO3 websites I found.
>
> A valid solution with all "professional" websites is to send a one-time
> valid link to a form that lets me reset my password if I wish so. This
> way, I may simply forget the reset link and it will automatically be
> invalidated after, say, 1 day.
Right. Still this is much different than sending the existing passoword.
- michael
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
More information about the TYPO3-project-4-3
mailing list