[Yanel-dev] Forgot password feature

Michael Wechner michael.wechner at wyona.com
Thu Jul 23 22:21:05 CEST 2009


Dear Prabodh

One more thing which came to my mind: What happens if more than one 
user account has the same email address?

At the moment we allow this, whereas we might want to consider blocking 
this.

WDYT?

Thanks

Michael

Michael Wechner wrote:
> Dear Prabodh
>
> I am currently testing the forgot password feature and have a couple 
> of questions:
>
> IIUC if a successful request (email exists) was done, then for this 
> user a file will be created
>
> data-repo/data/change-password-requests/USER_ID.xml (whereas the path 
> change-password-requests is configurable)
>
> with the following content
>
> <?xml version="1.0" encoding="UTF-8"?>
> <user xmlns="http://www.wyona.org/yanel/1.0">
>  <email>michael.wechner at wyona.com</email>
>  <starttime>1248374094694</starttime>
>  <guid>f4c9fa73-b10a-4033-a31c-7d0339bd3937</guid>
> </user>
>
> How is <starttime> related to the expire date of this request?
>
> What does <guid> stand for? I guess the content is the "reset password 
> request id", but if so, then why call it like that?
>
> Why save the email instead of the user id?
>
> Re scalability, if we have one million users and many people forget 
> their passwords, do we have to parse all these files to find the 
> correct "reset password request id"?
>
> Why not delete this file after the password has been reset 
> successfully?
>
> All the best
>
> Michael
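
Added example, not part of the original messages and not Yanel's code: a sketch of a request store shaped by the questions above (user id stored instead of email, expiry derived from <starttime>, direct lookup by request id, file deleted on use, ambiguous email rejected). The element names `request` and `userid`, the one-hour `TTL_MS`, the function names and the `accounts` mapping are assumptions.

```python
import hashlib, secrets, time
import xml.etree.ElementTree as ET
from pathlib import Path

NS = "{http://www.wyona.org/yanel/1.0}"   # namespace from the quoted file
TTL_MS = 60 * 60 * 1000                   # assumed 1 h validity window

def _now_ms():
    return int(time.time() * 1000)

def _path(repo, token):
    # File name is SHA-256(token): direct lookup without scanning all files,
    # and the token itself is never written to the repository.
    return Path(repo) / (hashlib.sha256(token.encode()).hexdigest() + ".xml")

def resolve_account(accounts, email):
    """accounts: {user_id: email} (hypothetical). Return the id only if unambiguous."""
    hits = [uid for uid, addr in accounts.items() if addr.lower() == email.lower()]
    return hits[0] if len(hits) == 1 else None

def create_request(repo, user_id, now_ms=None):
    """Store a reset request for user_id and return the token to e-mail."""
    token = secrets.token_urlsafe(32)
    root = ET.Element(NS + "request")
    ET.SubElement(root, NS + "userid").text = user_id
    ET.SubElement(root, NS + "starttime").text = str(_now_ms() if now_ms is None else now_ms)
    Path(repo).mkdir(parents=True, exist_ok=True)
    _path(repo, token).write_bytes(ET.tostring(root))
    return token

def redeem(repo, token, now_ms=None):
    """Return the user id for a valid, unexpired token, else None."""
    p = _path(repo, token)
    try:
        data = p.read_bytes()
        p.unlink()            # single use: only one caller can delete the file
    except FileNotFoundError:
        return None
    try:
        root = ET.fromstring(data)
        start = int(root.findtext(NS + "starttime"))
    except (ET.ParseError, TypeError, ValueError):
        return None
    now_ms = _now_ms() if now_ms is None else now_ms
    if not 0 <= now_ms - start <= TTL_MS:
        return None
    return root.findtext(NS + "userid")
```

Because the file is removed before the expiry check, an expired request is cleaned up on its first redemption attempt.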


