Open martinvanzijl opened 8 months ago
Make the email script on Bluehost for sending "reset password" links more secure:

- Avoid “replay attacks”: Add counter to payload, which must increase each time. Store the value on the email server.
- Avoid “forgery attacks”: Use a simple algorithm to hash the fields in the payload and check them on the server.
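
One way to combine the two checks proposed above, as an added example that is not the project's own code. It uses HMAC-SHA256 with a shared secret rather than a plain hash, because an unkeyed hash can be recomputed by anyone who alters the fields. Python, the field names, `sign_request`, `EmailScriptVerifier` and the demo secret are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real deployment loads a random secret
# from server-side configuration shared by the sender and the email script.
SECRET = b"demo-shared-secret-not-for-production"


def _mac(secret: bytes, fields: dict, counter: int) -> str:
    # Canonical JSON (sorted keys, fixed separators) so both sides hash the
    # same bytes and field boundaries cannot be shifted between fields.
    body = json.dumps({"counter": counter, "fields": fields},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def sign_request(secret: bytes, fields: dict, counter: int) -> dict:
    """Sender side: attach the counter and a MAC over counter + fields."""
    return {"fields": fields, "counter": counter,
            "mac": _mac(secret, fields, counter)}


class EmailScriptVerifier:
    """Receiver side: keeps the highest counter accepted so far."""

    def __init__(self, secret: bytes, last_counter: int = 0):
        self.secret = secret
        self.last_counter = last_counter  # persisted on the email server

    def verify(self, request: dict) -> str:
        fields = request.get("fields")
        counter = request.get("counter")
        mac = request.get("mac")
        if (not isinstance(fields, dict) or type(counter) is not int
                or not isinstance(mac, str)):
            return "malformed"
        # MAC is checked first, in constant time, so a forged request
        # can never advance the stored counter.
        expected = _mac(self.secret, fields, counter)
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return "forged"
        if counter <= self.last_counter:
            return "replayed"
        self.last_counter = counter
        return "ok"
```

Because the counter is covered by the MAC, a captured request cannot be resent with a higher counter without the secret.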