[Yanel-dev] Forgot password feature
Prabodh Upreti
pupreti at yahoo.com
Fri Jul 24 12:38:29 CEST 2009
Hi Michael
I was assuming here that the create user=A0feature only allows one user per=
email address.=A0 If this is not true then, yes we should block it at the =
forgot pw level.=A0 Also need to modify create user to only create with uni=
que passwords.=A0 Thanks.
Prabodh
________________________________
From: Michael Wechner <michael.wechner at wyona.com>
To: yanel-development at wyona.com
Sent: Thursday, July 23, 2009 4:21:05 PM
Subject: Re: [Yanel-dev] Forgot password feature
Dear Prabodh
One more thing which came to my mind: What is happening if more than one us=
er account has the same email address?
At the moment we allow this, whereas we might want to consider blocking thi=
s.
WDOT?
Thanks
Michael
Michael Wechner schrieb:
> Dear Prabodh
> =
> I am currently testing the forgot password feature and have a couple of q=
uestions:
> =
> IIUC if a successful request (email exists) was done, then for this user =
a file will be created
> =
> data-repo/data/change-password-requests/USER_ID.xml (whereas the path cha=
nge-password-requests is configurable)
> =
> with the following content
> =
> <?xml version=3D"1.0" encoding=3D"UTF-8"?>
> <user xmlns=3D"http://www.wyona.org/yanel/1.0">
>=A0 <email>michael.wechner at wyona.com</email>
>=A0 <starttime>1248374094694</starttime>
>=A0 <guid>f4c9fa73-b10a-4033-a31c-7d0339bd3937</guid>
> </user>
> =
> How is <starttime> related to the expire date of this request?
> =
> What does <guid> stand for? I guess the content is the "reset password re=
quest id", but if so, then why call it like that?
> =
> Why save the email instead the user id?
> =
> Re scalability, if we have one million users and many people forget their=
passwords, do we have to parse all these files to find the correct "reset =
password request id"?
> =
> Why not deleting this file after the password has been reset successfully?
> =
> All the best
> =
> Michael
-- Yanel-development mailing list Yanel-development at wyona.com
http://lists.wyona.org/cgi-bin/mailman/listinfo/yanel-development
=
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://wyona.com/pipermail/yanel-development/attachments/20090724/93d5=
fc37/attachment.htm
More information about the Yanel-development
mailing list