Moin,
On Friday 27 October 2006 23:56, Timwi wrote:
> Tim Starling wrote:
>> I've just implemented a per-user limit on password reminder emails. By default, 24 hours must elapse from one password reminder to the next. I figure if you've just been sent one password reminder, you don't need another one, assuming your mail was working.
>
> And there you've already highlighted a grave problem with your approach. Suppose you didn't receive the mail (for whatever reasons). Then what?
I think 1 hour would be a bit better limit (manually triggering them needs a 1 hour waiting period, vandals might lose the impatience with that).
Plus, maybe you could allow the reminder to be sent out faster if you get back a bounce.
(silently eaten reminders still cause a problem, but if you don't get the first, you likely don't get the second, either)
Another alternative approach would be to make reminders sent out immediately if you enter your email address, otherwise they are capped to (whatever limits) you want.
best wishes,
tels
-- 
Signed on Sat Oct 28 00:32:25 2006 with key 0x93B84C15.
Visit my photo gallery at http://bloodgate.com/photos/
PGP key on http://bloodgate.com/tels.asc or per email.
"The UAC is making safer worlds through superior firepower."
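
The throttling variants discussed in this thread, as an added sketch that is not part of the original message and not MediaWiki's code: a per-user minimum interval, an early release when the previous reminder bounced, and a bypass when the requester supplies the address on file. The class name, method names and the case-insensitive address match are assumptions; set `min_interval=86400` for the 24-hour default mentioned above.

```python
import hmac
import time


class ReminderThrottle:
    """Per-user cap on password reminder emails (hypothetical sketch)."""

    def __init__(self, min_interval=3600, clock=time.time):
        self.min_interval = min_interval  # seconds required between reminders
        self.clock = clock                # injectable so tests can control time
        self.last_sent = {}               # username -> time of last reminder

    def retry_after(self, user):
        """Seconds the user still has to wait; 0 if a reminder is allowed."""
        last = self.last_sent.get(user)
        if last is None:
            return 0
        return max(0, self.min_interval - (self.clock() - last))

    def request(self, user, registered_email, supplied_email=None):
        """Return True (and record the send) if a reminder may go out now."""
        # Variant from the thread: typing the address on file skips the cap.
        # compare_digest avoids leaking the stored address through timing.
        knows_address = supplied_email is not None and hmac.compare_digest(
            supplied_email.strip().lower().encode(),
            registered_email.strip().lower().encode(),
        )
        if self.retry_after(user) > 0 and not knows_address:
            return False
        self.last_sent[user] = self.clock()
        return True

    def bounce(self, user):
        """The last reminder bounced: lift the wait so a retry is possible."""
        self.last_sent.pop(user, None)


if __name__ == "__main__":
    throttle = ReminderThrottle(min_interval=3600)
    # Constructed sample account and address.
    print(throttle.request("alice", "alice@example.org"))  # first request
    print(throttle.request("alice", "alice@example.org"))  # inside the window
    throttle.bounce("alice")
    print(throttle.request("alice", "alice@example.org"))  # after a bounce
```
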