[Yanel-dev] Forgot password feature

Prabodh Upreti pupreti at yahoo.com
Fri Jul 24 12:55:31 CEST 2009


Dear Michael


>> Dear Prabodh

>> I am currently testing the forgot password feature and have a couple of questions:

>> IIUC if a successful request (email exists) was done, then for this user a file will be created

>> data-repo/data/change-password-requests/USER_ID.xml (whereas the path change-password-requests is configurable)

>> with the following content

>> <?xml version="1.0" encoding="UTF-8"?>
>> <user xmlns="http://www.wyona.org/yanel/1.0">
>> <email>michael.wechner at wyona.com</email>
>> <starttime>1248374094694</starttime>
>> <guid>f4c9fa73-b10a-4033-a31c-7d0339bd3937</guid>
>> </user>

>> How is <starttime> related to the expire date of this request?

Start time was when the request was initiated. The expire time is this plus the configured validation hours (i.e. 24 hr).

>> What does <guid> stand for? I guess the content is the "reset password request id", but if so, then why call it like that?

You are right. I am using multiple names for a single item. I started with reset password request id, then in the middle thought this was just a guid, so started using that name. We can choose whichever is more appropriate and use that. I personally like guid.


>> Why save the email instead of the user id?

I was looking at this file also for auditing purposes. The email is really not required there, but I thought that in case someone wanted to examine the file, it would make more sense than the user id.

>> Re scalability, if we have one million users and many people forget their passwords, do we have to parse all these files to find the correct "reset password request id"?

Good point. If I had a relational db I would not think much about this and let the query pick the right record. The db administrator would manage the table growth. Here I thought again we would like to save the request for audit purposes. Maybe we could delete the file and just write to a log file that the pw was reset. Also the code is currently going through all the files to check the content and match the guid. What I could do is name the file based on the guid and look for that file name when the request comes (i.e. guid 2234jlkjdjfsd.xml).

>> Why not delete this file after the password has been reset successfully?

Covered above.

Please let me know your thoughts and I will make the appropriate changes.

Thank you

Regards

Prabodh
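The store sketched in the reply above (one XML file per request, named by the guid so it can be opened directly instead of scanning the directory, expiring after the configured hours, deleted once redeemed), as an added example that is not Yanel's code and not from either poster. It assumes a `<token>.xml` layout under the request directory, adds a `<userid>` element because the user id no longer appears in the file name, generates the token with `secrets.token_urlsafe` rather than a UUID, and moves the audit record to a log line instead of keeping the file. The token is checked against a strict alphabet before it is used to build a path, so a request id supplied by a client can never name a file outside the directory; the sample user and clock values are constructed for the walk-through.

```python
# Added illustration of a file-per-request password-reset store (not Yanel's code).
import logging
import re
import secrets
import time
import xml.etree.ElementTree as ET
from pathlib import Path

NS = "http://www.wyona.org/yanel/1.0"           # namespace used in the request file above
ET.register_namespace("", NS)                   # serialise it as the default namespace
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{16,}$")  # exactly the alphabet secrets.token_urlsafe emits
log = logging.getLogger("reset-requests")


def _tag(name):
    return f"{{{NS}}}{name}"


class ResetRequestStore:
    """Requests live in `directory` as <token>.xml (assumed layout, not the page's USER_ID.xml)."""

    def __init__(self, directory, validity_hours=24, clock_ms=None):
        self.dir = Path(directory)
        self.dir.mkdir(parents=True, exist_ok=True)
        self.validity_ms = validity_hours * 3600 * 1000
        # Milliseconds since the epoch, same unit as <starttime>; injectable for tests.
        self.clock_ms = clock_ms or (lambda: int(time.time() * 1000))

    def _path(self, token):
        # Validate the client-supplied token before it touches the filesystem,
        # so something like "../x" can never resolve to another file.
        if not TOKEN_RE.fullmatch(token):
            raise ValueError("malformed reset token")
        return self.dir / f"{token}.xml"

    def create(self, user_id, email):
        """Record a new request and return the token that gets mailed to `email`."""
        token = secrets.token_urlsafe(32)  # 256 bits from the CSPRNG; a UUID4 from os.urandom also works
        root = ET.Element(_tag("user"))
        ET.SubElement(root, _tag("userid")).text = user_id  # assumed element, see lead-in
        ET.SubElement(root, _tag("email")).text = email
        ET.SubElement(root, _tag("starttime")).text = str(self.clock_ms())
        ET.SubElement(root, _tag("guid")).text = token
        with open(self._path(token), "xb") as f:  # "x": never overwrite an existing request
            ET.ElementTree(root).write(f, encoding="UTF-8", xml_declaration=True)
        return token

    def consume(self, token):
        """Validate `token`; return the user id on success, else None.

        The file is removed whether it was redeemed or had expired, so a token
        works exactly once and stale requests do not pile up in the directory.
        """
        path = self._path(token)
        try:
            root = ET.parse(path).getroot()  # direct open by name: no directory scan
        except FileNotFoundError:
            return None
        try:
            if root.findtext(_tag("guid")) != token:
                return None  # contents disagree with the file name: treat as invalid
            start_ms = int(root.findtext(_tag("starttime")))
            if self.clock_ms() - start_ms > self.validity_ms:
                log.info("reset request for %s expired", root.findtext(_tag("email")))
                return None
            user_id = root.findtext(_tag("userid"))
            log.info("password reset redeemed for user %s", user_id)  # the audit record
            return user_id
        finally:
            path.unlink()


def demo():
    """Constructed walk-through; returns what was observed so it can be checked."""
    import tempfile
    now = [1248374094694]  # ms; the <starttime> value from the file quoted above
    results = {}
    with tempfile.TemporaryDirectory() as d:
        store = ResetRequestStore(d, validity_hours=24, clock_ms=lambda: now[0])
        tok = store.create("michael", "michael.wechner@wyona.com")  # constructed sample user
        results["file_named_by_token"] = (Path(d) / f"{tok}.xml").is_file()
        results["first_use"] = store.consume(tok)   # "michael"
        results["second_use"] = store.consume(tok)  # None: single use
        tok2 = store.create("prabodh", "pupreti@yahoo.com")
        now[0] += 25 * 3600 * 1000                  # 25 h later, past the 24 h validity
        results["expired"] = store.consume(tok2)    # None
        results["expired_file_removed"] = not (Path(d) / f"{tok2}.xml").exists()
        try:
            store.consume("../../etc/passwd")
            results["traversal_rejected"] = False
        except ValueError:
            results["traversal_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Naming the file by the token turns the lookup into a single open instead of a walk over every pending request, and deleting it in `consume` keeps the directory bounded by the number of outstanding requests rather than by every reset ever made; the log line carries the audit trail the reply wanted to keep.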

