Welcome to Geeklog, Anonymous Monday, April 22 2024 @ 02:26 pm EDT

Geeklog Forums

Lost Password Security Suggestion

Status: offline


Forum User
Full Member
Registered: 05/27/03
Posts: 612
I saw a while back that there was an issue where a person or prankster could enter someones username and email and GL would automagically change their password. Thus that user would then be unable to log in, of course they would get the new password emailed to them. This would be an annoyance and if the prankster was especially malicious could cause all big time problems.

I have been on many a site where you are asked to provide a security word. (favorite pet, mothers maiden name, place born etc). Of course not fool proof but it does add a little protection for password request requiring 3 accurate items.

Any chance this could be implemented in GL2?

Status: offline


Site Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
In case you haven't noticed - the "forgot password" function was already changed in 1.3.8. It's still possible to "flood" someone with password change notification emails (provided you have some scripting capabilities - and there's also a speed limit to slow things down) but it won't change the password.

bye, Dirk

All times are EDT. The time is now 02:26 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content