[TYPO3-core] RFC: #10017: [felogin] New Method for "forgotPassword"
Xavier Perseguers
typo3 at perseguers.ch
Thu Jan 15 11:42:30 CET 2009
Hi,
> The mailing of the password is something that is "insecure" as other people
> could see the mail and know your password. That was one reason for
> removing this mail.
> The second reason was that other people knowing your email could reset your
> password and annoy you this way.
>
> So this functionality was changed completely to work this way:
> * enter username or email address
> * don't generate a new password, send a mail with a link containing a
> hash with configurable validity (default 12 hours)
> * when the user gets the mail and clicks on the link he can set a new password. The hash
> is deleted so the link only works one time
+1 for this new behaviour.
--
Xavier Perseguers
http://xavier.perseguers.ch/en/tutorials/typo3.html
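
The flow quoted in the message above (link carrying a hash, configurable validity with a 12-hour default, hash deleted on first use), sketched as an added example; this is not felogin's code and not part of the original mail. The class and method names are hypothetical, and storing only a SHA-256 digest of the link value and dropping a user's earlier pending link are assumptions of this sketch.

```python
import hashlib
import secrets
import time

DEFAULT_VALIDITY = 12 * 3600  # seconds; the 12-hour default named in the RFC


class ResetLinkStore:
    """In-memory stand-in for wherever the pending hash would be stored."""

    def __init__(self, validity=DEFAULT_VALIDITY):
        self.validity = validity
        self._pending = {}  # sha256(token) -> (username, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, username, now=None):
        """Create the value that goes into the mailed link; no password changes."""
        now = time.time() if now is None else now
        # Assumption: a new request replaces any earlier pending link for the user.
        self._pending = {d: e for d, e in self._pending.items() if e[0] != username}
        token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
        # Assumption: only the digest is kept, so a leaked store does not
        # hand out working links.
        self._pending[self._digest(token)] = (username, now + self.validity)
        return token

    def redeem(self, token, now=None):
        """Return the username if the link is valid, else None. Works one time."""
        now = time.time() if now is None else now
        # pop() deletes the entry on the first attempt, valid or expired.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None  # unknown, already used, or replaced
        username, expires_at = entry
        if now >= expires_at:
            return None  # validity window has passed
        return username  # caller may now let this user set a new password
```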