[Cosmo-dev] "Forgot Password" workflow

Brian Moseley bcm at osafoundation.org
Tue Mar 13 10:35:29 PST 2007


On 3/13/07, Travis Vachon <travis at osafoundation.org> wrote:

> One downside of this is that a user's password can be changed by any
> random person, albeit to a random string that only the appropriate
> user should be able to access. Another is that they need to remember
> the temporary password until they log in, and then change to whatever
> password they would like to stick with.
>
> One upside is that we would not need to add anything to our data
> model. With my proposal, I imagine the best thing to do would be to
> store a "password reset id" in the User object and make it indexable
> so that Users can be looked up by password reset id.
>
> Any thoughts on these two options?

i don't like the problems that come with the old way of doing things.
i don't mind adding something to the data model to allow more secure
password changes.

how about a PasswordChange entity with a randomly generated token and
an association to the User? then the cmp url could be
/account/password/change/<token>. this url would be generated by the
server and emailed to the user. attackers would either have to
intercept the email (which is of course fully possible) or guess the
token to build the password change url.
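As an added illustration of the token-based design sketched above (this is example code written for this page, not Cosmo's own implementation; the names PasswordChange, PasswordResetService, TOKEN_TTL_SECONDS and the in-memory store are assumptions standing in for whatever persistence layer the real server would use), the snippet below generates a 256-bit random token, stores only its hash against the user, embeds the raw token in the /account/password/change/<token> URL, and accepts it once, within a fixed lifetime:

```python
"""Single-use, expiring password reset token (added example, not Cosmo code).

Design points a defender cares about:
  * the token comes from `secrets`, so guessing it is infeasible;
  * only a SHA-256 hash of the token is persisted, so a leaked database
    does not hand out live reset links;
  * the record is single-use and time-limited, which narrows the window
    in which an intercepted email is still useful.
"""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Assumed constants (not from the original post).
TOKEN_TTL_SECONDS = 3600
URL_PREFIX = "/account/password/change/"


@dataclass
class PasswordChange:
    """Hypothetical entity associating a reset token with a user."""
    user_id: str
    token_hash: str
    expires_at: float
    used: bool = False


class PasswordResetService:
    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._now = now
        # Keyed by token hash; a real server would index this column in the DB.
        self._by_hash: Dict[str, PasswordChange] = {}

    @staticmethod
    def _hash(token: str) -> str:
        # Hashing before lookup means the stored value is useless on its own,
        # and the lookup key is unpredictable to anyone without the token.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def create(self, user_id: str) -> str:
        """Create a reset record and return the URL the server would email."""
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        record = PasswordChange(
            user_id=user_id,
            token_hash=self._hash(token),
            expires_at=self._now() + TOKEN_TTL_SECONDS,
        )
        self._by_hash[record.token_hash] = record
        return URL_PREFIX + token

    def redeem(self, token: str) -> Optional[str]:
        """Consume a token. Returns the user id, or None if invalid/expired/used."""
        record = self._by_hash.get(self._hash(token))
        if record is None:
            return None
        if record.used or self._now() > record.expires_at:
            return None
        record.used = True  # single use: a replayed link is rejected
        return record.user_id


def token_from_url(url: str) -> Optional[str]:
    """Extract the token from a change URL, or None if the path is malformed."""
    if not url.startswith(URL_PREFIX):
        return None
    token = url[len(URL_PREFIX):]
    return token or None


if __name__ == "__main__":
    service = PasswordResetService()
    url = service.create("alice")
    print("emailed link:", url)
    token = token_from_url(url)
    print("first redeem :", service.redeem(token))   # alice
    print("second redeem:", service.redeem(token))   # None (already used)
```

The injectable clock exists so the expiry path can be exercised deterministically; in production the default `time.time` is used. The `used` flag and the expiry check are what turn the "intercepted email" risk from a standing credential into a short, one-shot window.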

