[Yanel-dev] Forgot password feature
Michael Wechner
michael.wechner at wyona.com
Fri Jul 24 18:24:14 CEST 2009
Prabodh Upreti wrote:
> Hi Michael
>
> I was assuming here that the create user feature only allows one user
> per email address.
no, it currently doesn't check this, whereas I am reluctant to block this
> If this is not true then, yes we should block it at the forgot pw
> level. Also need to modify create user to only create with unique
> passwords.
well, that's the question, where exactly do we want to handle/catch
this. It's not clear to me yet, and maybe we should
start a pros/cons list.
Cheers
Michael
> Thanks.
>
> Prabodh
>
> ------------------------------------------------------------------------
> *From:* Michael Wechner <michael.wechner at wyona.com>
> *To:* yanel-development at wyona.com
> *Sent:* Thursday, July 23, 2009 4:21:05 PM
> *Subject:* Re: [Yanel-dev] Forgot password feature
>
> Dear Prabodh
>
> One more thing which came to my mind: What is happening if more than
> one user account has the same email address?
>
> At the moment we allow this, whereas we might want to consider
> blocking this.
>
> WDOT?
>
> Thanks
>
> Michael
>
> Michael Wechner wrote:
> > Dear Prabodh
> >
> > I am currently testing the forgot password feature and have a couple
> > of questions:
> >
> > IIUC if a successful request (email exists) was done, then for this
> > user a file will be created
> >
> > data-repo/data/change-password-requests/USER_ID.xml (whereas the
> > path change-password-requests is configurable)
> >
> > with the following content
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <user xmlns="http://www.wyona.org/yanel/1.0">
> > <email>michael.wechner at wyona.com</email>
> > <starttime>1248374094694</starttime>
> > <guid>f4c9fa73-b10a-4033-a31c-7d0339bd3937</guid>
> > </user>
> >
> > How is <starttime> related to the expire date of this request?
> >
> > What does <guid> stand for? I guess the content is the "reset
> > password request id", but if so, then why call it like that?
> >
> > Why save the email instead of the user id?
> >
> > Re scalability, if we have one million users and many people forget
> > their passwords, do we have to parse all these files to find the
> > correct "reset password request id"?
> >
> > Why not delete this file after the password has been reset
> > successfully?
> >
> > All the best
> >
> > Michael
>
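
The questions raised in the thread (expiry derived from <starttime>, lookup by request id without parsing every file, deleting the request after use) can be made concrete with a small sketch. This is an added example, not Yanel code and not from either participant; the class name ResetRequestStore, the 24-hour TTL_MS value and the sample email are assumptions, and the user id is taken from the USER_ID.xml file name rather than from the email so that two accounts sharing an address stay distinct.

```python
import xml.etree.ElementTree as ET

NS = {"y": "http://www.wyona.org/yanel/1.0"}
TTL_MS = 24 * 60 * 60 * 1000  # assumed validity window; the thread states none

# Constructed sample record in the format quoted above (email is a placeholder).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://www.wyona.org/yanel/1.0">
<email>user@example.org</email>
<starttime>1248374094694</starttime>
<guid>f4c9fa73-b10a-4033-a31c-7d0339bd3937</guid>
</user>"""


class ResetRequestStore:
    """In-memory stand-in for the change-password-requests directory."""

    def __init__(self):
        # guid -> (user_id, start_ms): one lookup instead of parsing every file
        self._by_guid = {}

    def load(self, user_id, xml_bytes):
        """Index one USER_ID.xml record; user_id comes from the file name."""
        root = ET.fromstring(xml_bytes)
        guid = root.findtext("y:guid", namespaces=NS)
        start = root.findtext("y:starttime", namespaces=NS)
        if not guid or not start:
            raise ValueError("record lacks <guid> or <starttime>")
        self._by_guid[guid] = (user_id, int(start))

    def redeem(self, guid, now_ms):
        """Return the user id for a live request, or None. Always single use."""
        entry = self._by_guid.pop(guid, None)  # removed whether valid or expired
        if entry is None:
            return None
        user_id, start_ms = entry
        if now_ms - start_ms > TTL_MS:
            return None  # expiry = starttime + TTL_MS
        return user_id
```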