Showing ASP.NET page as pop-up/modal? - Level Extreme

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

Showing ASP.NET page as pop-up/modal?

Message

De

30/12/2014 09:24:33

Paul Mrozowski
Rcs Solutions, Inc.
Macomb, Michigan, États-Unis

À

29/12/2014 15:58:00

Craig Berntson
Quicken Loans
Salt Lake City, Utah, États-Unis

Information générale

Forum:

ASP.NET

Catégorie:

Autre

Titre:

Re: Showing ASP.NET page as pop-up/modal?

Versions des environnements

Environment:

VB 9.0

OS:

Windows Server 2012

Network:

Windows 2008 Server

Database:

MS SQL Server

Application:

Web

Divers

Thread ID:

01612499

Message ID:

01612836

Vues:

40

>Not secure. It's all sent in plain text.
>
>>Btw, I just checked this site (UT) which - if you forget the password - resets your password to a random one and emails it to you, along with your user ID.

That's actually OK as long as you make the user change their password as soon as they log in. Then the token approach and emailing you a temporary password are equivalent. Having said that, I think the token approach is actually easier to implement.

When they click the reset password link, generate a token and expiration date/time and store it into their account. E-mail the user a link that contains this token. Then create a page that can receive this token, verify the token and make sure it hasn't expired and display a field to change the password. On save, update the password hash and clear the token/expiration. Maybe also log the last password reset date/time.

-Paul

RCS Solutions, Inc.
Blog
Twitter

Click here to load this message in the networking platform