andreirk / django-hotclub

Automatically exported from code.google.com/p/django-hotclub

Make password reset more secure #87

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. request a password reset: /account/password_reset/
2. observe plain text password in email

What is the expected output? What do you see instead?
It would be better if Pinax sent a link with a temporary key in it to
return to the password reset page. Then have the user enter a new password
on the page. 

Please provide any additional information below.

In general I'd like to see the login system be as secure as possible, such
as using https, secure login cookies, and other modern security measures.

Original issue reported on code.google.com by gromp...@gmail.com on 9 Oct 2008 at 9:24
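
The pattern requested in the report above (e-mail a link carrying a temporary key, never the password), as an added example; it is not Pinax's or Django's own code. `SECRET_KEY`, `MAX_AGE`, the function names and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumption: a server-side secret that is never sent to the user (constructed value).
SECRET_KEY = b"constructed-example-secret"
# Assumption: reset links expire one hour after they are issued.
MAX_AGE = 3600


def _sign(user_id, password_hash, issued_at):
    # The MAC covers the stored password hash, so the key is single-use:
    # once the password changes, every outstanding link stops verifying.
    msg = f"{int(user_id)}:{issued_at}:{password_hash}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_reset_key(user_id, password_hash, now=None):
    """Return the temporary key to embed in the e-mailed reset link."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at:x}-{_sign(user_id, password_hash, issued_at)}"


def check_reset_key(key, user_id, password_hash, now=None):
    """Verify a key from the link before showing the new-password form."""
    now = int(time.time() if now is None else now)
    try:
        ts_hex, mac = key.split("-", 1)
        issued_at = int(ts_hex, 16)
    except ValueError:
        return False  # malformed key
    if not 0 <= now - issued_at <= MAX_AGE:
        return False  # expired, or timestamp lies in the future
    expected = _sign(user_id, password_hash, issued_at)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(mac.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed sample user: id 42 with a placeholder stored password hash.
    key = make_reset_key(42, "pbkdf2$old-hash")
    print("key for the e-mailed link:", key)
    print("valid now:", check_reset_key(key, 42, "pbkdf2$old-hash"))
    print("valid after password change:", check_reset_key(key, 42, "pbkdf2$new-hash"))
```

The e-mail then contains only a link with the key in it; the new password is typed on the page the link opens and never travels by mail.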

GoogleCodeExporter commented 9 years ago
I agree and prefer this pattern too.

Original comment by jtau...@gmail.com on 27 Oct 2008 at 10:46

GoogleCodeExporter commented 9 years ago

Original comment by pyDanny on 13 Mar 2009 at 3:47

GoogleCodeExporter commented 9 years ago

Original comment by leidel on 13 Mar 2009 at 9:06

GoogleCodeExporter commented 9 years ago
brosner was working on this for 0.7

Original comment by jtau...@gmail.com on 16 Mar 2009 at 3:02

GoogleCodeExporter commented 9 years ago
Moved to cpc

Original comment by pyDanny on 31 Mar 2009 at 2:07

GoogleCodeExporter commented 9 years ago

Original comment by pyDanny on 31 Mar 2009 at 2:40