Yes, but that's only increased convenience. I'm wondering exactly what security implications there are to our current system v. a token reset system.
--
Tyler Romeo
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | tylerromeo@gmail.com
On Fri, Aug 24, 2012 at 1:56 PM, Chad <innocentkiller@gmail.com> wrote:
> On Fri, Aug 24, 2012 at 1:52 PM, Tyler Romeo <tylerromeo@gmail.com> wrote:
>> Wait a second. Concerning the password reset, currently it uses the user_newpassword field, which means the user is required to reset their password upon login. How is this any different than using a reset token, where the user supplies the reset token and changes their password?
>
> Well I assume we'd put the token in the url we give the user, so they don't have to type anything in.
>
> -Chad
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l