[Yanel-dev] [Bug 7164] handle forgotten passwords
bugzilla at wyona.com
bugzilla at wyona.com
Fri Jun 26 06:59:38 CEST 2009
http://bugzilla.wyona.com/cgi-bin/bugzilla/show_bug.cgi?id=7164
------- Comment #1 from pupreti at yahoo.com 2009-06-26 05:49 -------
I am adding this text after going through Guillaume's email(thoughts on
forgotten password handling ) dated June 16th.
Listed below are summary of tasks I think are necessary to achieve this and
also open questions:
1. User clicks on link that says "forgot password". User gets a screen where
he/she can enter the email. They enter the email. System verifies email
address exists and creates a URL to be sent via email. The URL will have a
random generated id.
question: My understanding is yanel does not have a central config
database(could me wrong here). How can I access a single repository so that
multiple boxes can access the same data? I would like to have a central
repository where I can store random generated id, email, expiration date/time
to manage the forgot pw.
2. User gets the link via email which is then clicked to get to the change pw
screen. There user enters the new pw 2 times. When this is submitted, the
backend system will match the radom id with what is in the central repository
and implement the appropriate rule(encrpty and update pw).
question: Michael mentioned that the radomid link validation needs to be
configurable(12 hrs, 1 hr) etc. Where is the best place to put that value?
Also do we need admin UI to manage that data?
I would like to keep this simple straight forward for this phase. Once this is
stable then additional stuff.
Please add your feedback. Thank you.
--
Configure bugmail: http://bugzilla.wyona.com/cgi-bin/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the Yanel-development
mailing list