• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

When requesting a password reset, the confirmation page shows my email address. This is a great way to allow a site crawler to gather everyone's email address.

There are diverse opinions of what to do, but what I'm used to seeing these days is a message of the sort "Your password has been emailed to your registered email address. If your email address is no longer valid, please (mailto link)contact the site administrator(/mailto link)."

Lavr, SteffenPoulsen and MartinCleaver were involved in the discussion regarding this issue on IRC as of 2005.01.22 1100 EST.

JST

Thanks for reporting this. Also removed password from URL in sent e-mail to not have it show up in access logs, browser history etc.

SVN 8446.

-- SP

ItemTemplate
Summary Email address displayed on password reset request
ReportedBy TWiki:Main.JoanTouzet
Codebase

SVN Range Sun, 22 Jan 2006 build 8439
AppliesTo Engine
Component

Priority Urgent
CurrentState Closed
WaitingFor

Checkins 8446
Edit | Attach | Watch | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r4 - 2006-01-22 - SteffenPoulsen
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback