feature request, no password in forgotten password e-mail

dlang
It would be good to have an option that, instead of e-mailing the password in the clear to the user, disables their password and uses a custom link (similar to the 'change my e-mail' process) that would send an e-mail to the user; they click on a link that gives them the ability to enter a new password, and then a message is sent to the e-mail address saying that the password has been changed.

For users with this set you would not need to store the password in the clear (or even in a reversible encryption), and could store the password hash instead of the password itself.

Not a critical thing, but a 'best practices' type of thing (but one that gets some people very upset).
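
The flow requested in the post above, as an added example that is not from the thread or from Nabble's code: a one-time reset link whose token is stored only as a hash, a salted password hash in place of the cleartext password, and a confirmation message after the change. The `Accounts` class, the `forum.example` URL, the one-hour lifetime and the PBKDF2 parameters are assumptions, and unlike the post this sketch leaves the old password usable until the link is redeemed.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed one-hour link lifetime; the thread names none

class Accounts:
    """In-memory stand-in for the user table and mailer (hypothetical)."""
    def __init__(self):
        self.users = {}    # email -> (salt, password hash); no cleartext kept
        self.tokens = {}   # sha256(token) -> (email, expiry time)
        self.outbox = []   # (recipient, body) pairs instead of real SMTP

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

    def set_password(self, email, password):
        salt = secrets.token_bytes(16)
        self.users[email] = (salt, self._kdf(password, salt))

    def check_password(self, email, password):
        if email not in self.users:
            return False
        salt, stored = self.users[email]
        return hmac.compare_digest(stored, self._kdf(password, salt))

    def request_reset(self, email, now=None):
        now = time.time() if now is None else now
        if email not in self.users:
            return None  # the caller should answer identically either way
        token = secrets.token_urlsafe(32)  # 256 random bits, URL-safe
        # Only a hash of the token is stored, so a leaked table does not
        # yield usable links. The old password stays valid until redemption.
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.tokens[digest] = (email, now + TOKEN_TTL)
        self.outbox.append((email, f"https://forum.example/reset?t={token}"))
        return token

    def complete_reset(self, token, new_password, now=None):
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        email, expiry = self.tokens.pop(digest, (None, 0))  # single use
        if email is None or now > expiry:
            return False
        self.set_password(email, new_password)
        self.outbox.append((email, "Your password has been changed."))
        return True
```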

Re: feature request, no password in forgotten password e-mail

Hugo <Nabble>
Hi David, thanks for the suggestion. I created a ticket for this implementation. It may have to wait one or two months until we finish our top priority issues. But sooner or later it will be done.

Re: feature request, no password in forgotten password e-mail

dlang
Yes, first things first (the template stuff seems the highest value and
also seems to be your highest priority).

Everything else I'm suggesting can happen later.

David Lang

On Thu, 2 Jun 2011, Hugo <Nabble> [via Nabble Support] wrote:

> Hi David, thanks for the suggestion. I created a ticket for this
> implementation. It may have to wait one or two months until we finish our
> top priority issues. But sooner or later it will be done.