[TYPO3-english] Reset fe-user password - saltedpassword
Jigal van Hemert
jigal.van.hemert at typo3.org
Wed Dec 5 12:07:34 CET 2012
Hi,
On 5-12-2012 11:15, Tomas Norre Mikkelsen wrote:
> You are partly right, EXT:felogin allows the uses to get you password by
> email, but when using RSA salted passwords, it sents the text-value of you
> crypted password, which is usuable.
>
> I want no password in email, only link to reset-password page, passwords
> should never be sent in emails..
I think you have other extensions in your installation which send the
password by email.
EXT:felogin does the following:
- user clicks on forgot password link
- form is displayed where user can enter username or email address
- user receives email with link to form to enter new password (link can
only be used once and for a limited time)
- user enters new password en password is changed (even supporting
salted passwords, etc.)
EXT:felogin *never* sends a password by mail!
--
Jigal van Hemert
TYPO3 Core Team member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-english
mailing list