[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Hide email validation in "Lost password" page? -- Security bug
From: |
Davi Leal |
Subject: |
Re: Hide email validation in "Lost password" page? -- Security bug |
Date: |
Thu, 19 Apr 2007 12:20:08 +0200 (CEST) |
Victor Engmark wrote:
> Davi Leal wrote:
> > The user have to stay at that page to be able to read that message.
>
> As I pointed out before, we could show the message at the front page. I've
> seen other sites which do this sort of thing.
Cons:
* It is easier to show it at the same page.
* I personally think we does not win anything showing it at the home page.
* Besides, showing it at the home page we get a more complex source code.
Keeping the source code easy to understand is main to make it easier
the maintenance.
> > > Why "E1_"? Anyway, I'd call it LastPasswordRetrieval or just
> > > PasswordRetrieval (less clear). Separates the information from the
> > > function(s), which could be several.
> >
> > About the field name, I propose a new one:
> >
> > E1_LastAbuseTime timestamp,
> >
> > We will be able to use that field to both the "lost password" page and the
> > login pages. It can be used to register the last time an operation of
> > login or lost password has been requested for a user. What do you think?
>
> I still think it's better to give it a name according to what the field
> contains (which is not the last time the account was abused), rather than
> tie it to the first function using the data from that field.
The field will contain the last time stamp of the lost-password or login
forms use, for such entity. What do you think about?
E1_LastTimeStamp timestamp,
Davi
- Re: Hide email validation in "Lost password" page? -- Security bug, (continued)
Re: Hide email validation in "Lost password" page? -- Security bug, Victor Engmark, 2007/04/18
- Re: Hide email validation in "Lost password" page? -- Security bug, Davi Leal, 2007/04/18
- Re: Hide email validation in "Lost password" page? -- Security bug, Victor Engmark, 2007/04/19
- Re: Hide email validation in "Lost password" page? -- Security bug, Davi Leal, 2007/04/19
- Re: Hide email validation in "Lost password" page? -- Security bug, Victor Engmark, 2007/04/19
- Re: Hide email validation in "Lost password" page? -- Security bug,
Davi Leal <=
- Re: Hide email validation in "Lost password" page? -- Security bug, Victor Engmark, 2007/04/19
- Re: new timestamp data base field for: Lost_Password.php, Person.php, Company.php & non-profit_Organization.php, Davi Leal, 2007/04/19
- Re: new timestamp data base field for: Lost_Password.php, Person.php, Company.php & non-profit_Organization.php, Victor Engmark, 2007/04/19
- Re: Security bug at Lost_Password.php and Person.php, Company.php & non-profit_Organization.php registration forms, Davi Leal, 2007/04/19
- Re: Security bug at Lost_Password.php and Person.php, Company.php & non-profit_Organization.php registration forms, Victor Engmark, 2007/04/20
- Re: Security bug at Lost_Password.php and Person.php, Company.php & non-profit_Organization.php registration forms, Davi Leal, 2007/04/20
- Re: Security bug at Lost_Password.php and Person.php, Company.php & non-profit_Organization.php registration forms, Victor Engmark, 2007/04/20
- Re: Security bug, Davi Leal, 2007/04/20