[TYPO3-core] RFC: #10017: [felogin] New Method for "forgotPassword"

Steffen Kamper info at sk-typo3.de
Thu Jan 15 11:35:07 CET 2009


Hi Volker,

Volker Graubaum wrote:
> Hi,
> 
> I haven't tested the patch, but I can't see if the old function is still 
> in there and activated by default. (just send the password by mail).
> If not -1 for 4.2.4 patch, and a special information in the feature list 
> of 4.3, since this change will break a lot of customer mails.
> 

Let me describe it in more detail:

The mailing of the password is something that is "insecure" as other people 
could see the mail and know your password. That was one reason for 
removing this mail.
The second reason was that other people knowing your email could reset your 
password and annoy you this way.

So this functionality was changed completely to work this way:
* enter username or email address
* don't generate a new password, send a mail with a link containing a 
hash with configurable validity (default 12 hours)
* when the user gets the mail and clicks on the link, he can set a new 
password. The hash is deleted so the link only works one time

See my answer to Benni and forget about including it in 4_2 for now.

Regards, Steffen
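
The flow described in the message above (no new password generated, a mailed link carrying a hash with a default validity of 12 hours, the hash deleted on use), as an added example that is not felogin's code or part of the original mail. The class name `ResetLinkStore`, the in-memory array standing in for the user table, and the choice to store only a SHA-256 digest of the mailed token are assumptions; it needs PHP 8.

```php
<?php
declare(strict_types=1);

// Added illustration, not felogin code. The array stands in for the
// fe_users storage (assumption); timestamps are passed in for clarity.
final class ResetLinkStore
{
    /** @var array<string, array{user: string, expires: int}> keyed by SHA-256 of the token */
    private array $pending = [];

    public function __construct(private int $validitySeconds = 12 * 3600) {}

    /** Issue the token that goes into the mailed link; the password stays untouched. */
    public function issue(string $user, int $now): string
    {
        // Drop any earlier request so only the newest link works.
        foreach ($this->pending as $digest => $entry) {
            if ($entry['user'] === $user) {
                unset($this->pending[$digest]);
            }
        }
        $token = bin2hex(random_bytes(32)); // unguessable, from the CSPRNG
        // Only the digest is stored, so a leaked table yields no usable links.
        $this->pending[hash('sha256', $token)] = [
            'user' => $user,
            'expires' => $now + $this->validitySeconds,
        ];
        return $token;
    }

    /** Returns the user who may now set a new password, or null if the link is invalid. */
    public function redeem(string $token, int $now): ?string
    {
        $digest = hash('sha256', $token);
        $entry = $this->pending[$digest] ?? null;
        if ($entry === null) {
            return null; // unknown or already used
        }
        unset($this->pending[$digest]); // one-time: deleted even when expired
        return $now <= $entry['expires'] ? $entry['user'] : null;
    }
}

// Constructed sample run: user name and timestamp are made up.
$store = new ResetLinkStore();
$t0 = 1232015707;
$token = $store->issue('alice', $t0);
var_dump($store->redeem($token, $t0 + 3600));          // first click, inside validity
var_dump($store->redeem($token, $t0 + 3601));          // same link clicked again
var_dump($store->redeem($store->issue('alice', $t0), $t0 + 12 * 3600 + 1)); // past validity
```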

