[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers] Re: savannah.gnu.org Verification
|
From: |
Mathieu Roy |
|
Subject: |
[Savannah-hackers] Re: savannah.gnu.org Verification |
|
Date: |
09 Jan 2003 11:23:34 +0100 |
|
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 |
Per Abrahamsen <address@hidden> said:
> Hi Hackers,
>
> I have not requested a password change, and the logget IP is not one I
> use.
>
> The last line of the message confuses me. Am I supposed to visit the
> "confirm change" URL even though I definitely do *not* want to confirm
> the change?
No, you are not.
In fact, the way password can be changed come from the original SF
version. And someone, Thomas Buschnell (sorry if I mispell it, do not
remember well), noticed, it's possible to steal someone account in
some particular case.
That's why there's informations logged (IP etc).
But anyway, there's not so much thing someone can do with a stolen
account and the way it works is similar to the way every website I
know works (I would be happy to enhance this part, but nobody ever
proposed something actually 100% ok).
--
Mathieu Roy
<< Profile << http://savannah.gnu.org/users/yeupou <<
>> Homepage >> http://yeupou.coleumes.org >>
<< GPG Key << http://stock.coleumes.org/gpg <<