Lost password
- Tuesday, April 23 2002 @ 10:48 pm EDT
- Contributed by: barrywong
- Views: 6,023
I noticed that when we lose a password, geeklog will send us a new \'system-generated\'password. I have one concern, with the ease of requesting for new password.
GL does not verify if you are truly the user requesting for new password. As such, a prankster can look for a list of users ie. Admin etc and request for a new password for the person. It would be a pain if the this becomes a day to day affair.
Are there any plugins patches that we can add to help identify the user ie mom\'s maiden name or something along those lines?
Thank you.
GL does not verify if you are truly the user requesting for new password. As such, a prankster can look for a list of users ie. Admin etc and request for a new password for the person. It would be a pain if the this becomes a day to day affair.
Are there any plugins patches that we can add to help identify the user ie mom\'s maiden name or something along those lines?
Thank you.