Environment versions
Network:
Windows 2008 Server
>Hi,
>
>Speaking about the security aspect of password recovery. Regardless of the approach to resetting the password (emailing the password in plain text, or sending a link to reset the password), what if the user enters an email that does not exist in the database? Is it OK to return to the user a message such as "Email not found"? In theory someone can check whether this or that person has access to the site (by entering an email address), but do you think this may create a security breach?
The very first thing you need to do is create a rescue recovery disc. If your hard drive gets trashed you won't be able to get anywhere without one. I learned this the hard way.
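
The account-enumeration concern raised in the quoted question, shown as an added example that is not part of the original thread: one reset handler that answers "Email not found" and one that gives the same reply for every address. The user store, addresses, reset URL and function names are all hypothetical, constructed for illustration.

```python
import hashlib
import secrets

# Constructed sample data: accounts known to the site (hypothetical addresses).
USERS = {"alice@example.com", "bob@example.com"}
OUTBOX = []          # stands in for the mail queue: (recipient, reset_link)
RESET_TOKENS = {}    # sha256(token) -> email; the raw token is never stored

GENERIC_REPLY = "If that address is registered, a reset link has been sent."


def normalize(email):
    return email.strip().lower()


def _issue_token(email):
    # Random single-use token; only its hash is kept server-side.
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = email
    OUTBOX.append((email, "https://site.example/reset?token=" + token))


def reset_enumerable(email):
    """Behaviour described in the question: the reply reveals membership."""
    email = normalize(email)
    if email not in USERS:
        return "Email not found"
    _issue_token(email)
    return "Reset link sent"


def reset_uniform(email):
    """Same on-screen reply for every input; only registered addresses get mail."""
    email = normalize(email)
    if email in USERS:
        _issue_token(email)
    return GENERIC_REPLY


def replies_leak_membership(handler, known, unknown):
    """True if the reply text differs between a known and an unknown address."""
    return handler(known) != handler(unknown)


if __name__ == "__main__":
    for h in (reset_enumerable, reset_uniform):
        leak = replies_leak_membership(h, "alice@example.com", "mallory@example.com")
        print(h.__name__, "leaks membership:", leak)
```

This sketch compares only the message text; response timing and other forms that accept an email address (registration, login) can reveal the same information.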