Re: [cpx] Wishlist: forgotten password

[Rus Berrett <rberrett@xxxxxxxxx>]

On Sat, Apr 23, 2005 at 09:01:53AM -0400, Bill Meier wrote:
>
> Subject: Re: [cpx] Wishlist: forgotten password
>
> At 07:04 PM 04/22/2005, you wrote:
> >How does CPX interact with a user that can't authenticate without opening 
> >up possibilities for security exploits?  It seems the safe bet here is 
> >just to have your EU password reset by an authenticated DA or SA.  no?
> 
> Many other systems (eBay, other mailing lists, etc.) can not of course 
> provide you with a plain text password, but they do assign you a temporary 
> password (when you click on a URL) and then you get into a change password 
> dialog.
> 
> If you forget your eBay password, you aren't going to call eBay to reset it 
> for you!!! They have a system in place to handle that... A safe and secure 
> system (I hope!!)

Yes, but when I signed up with eBay I provided an off-site e-mail
address where I take my eBay correspondence... there is no equivalent to
this in CPX.


> 
> Something for future consideration for a CPX enhancement?

Adding an alternate e-mail addy when adding a user?  Possibly.  I don't
see much value in return for the extra work required.


> 
> It is always easier if you empower the end user to be able to do something 
> (like in this case) rather than having to bother the DA or SA, which also 
> can increase latency by 24 hours or more, until the DA/SA read their 
> email...
> 
> Bill
> 

-- 
========================================================================
Rus Berrett                                                    NTT/Verio
                 See Perl. See Perl Run. Run Perl, Run!

======================================================================
This is <cpx@xxxxxxxxxxxxx>      <http://www.groupmail.org/lists/cpx/>
Before posting a question, please search the archives (see above URL).