[nycphp-talk] online password replacement
Chris Shiflett
shiflett at php.net
Fri Mar 5 15:43:11 EST 2004
--- Dan Cech <dcech at phpwerx.net> wrote:
> A fairly standard approach is to simply generate a new random password
> and send it to the email address you have on file.
You probably also want to have a unique link in the email (or some similar
mechanism) that the user needs to visit in order to activate the new
password. Otherwise, random people can reset your users' passwords, which
is a hassle for them.
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly
Coming mid-2004
HTTP Developer's Handbook - Sams
http://httphandbook.org/
PHP Community Site
http://phpcommunity.org/
More information about the talk
mailing list