Yes, but that's only increased convenience. I'm wondering exactly what
security implications there are to our current system v. a token reset
system.
*--*
*Tyler Romeo*
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | tylerromeo(a)gmail.com
On Fri, Aug 24, 2012 at 1:56 PM, Chad <innocentkiller(a)gmail.com> wrote:
On Fri, Aug 24, 2012 at 1:52 PM, Tyler Romeo
<tylerromeo(a)gmail.com> wrote:
Wait a second. Concerning the password reset,
currently it uses the
user_newpassword field, which means the user is required to reset their
password upon login. How is this any different than using a reset token,
where the user supplies the reset token and changes their password?
Well I assume we'd put the token in the url we give the user,
so they don't have to type anything in.
-Chad
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l