At present, we get to control the bulk of the content of the email messages generated for password requests, but I'd *really* like to be able to add the time and IP address of the password request.
It could be implemented as simply as adding one or two additional attributes to the send_password action in the API. On the OpenSRS side, invalid IP data could be nulled or zeroed, and in a perfect world, we could specify a paragraph in the password email which would contain one block of text if valid data was provided, and a different text if the API data was not valid.

One issue I see with this is that the data could potentially be spoofed by less-than-honest RSPs, but the advantages of throwing investigations off track would be minimal, so I don't see this as a big risk.

What do people think? Would your customers appreciate being able to find out where a phantom password request originated?

What does OpenSRS think? Would this be too much work to implement? I imagine the programming effort would be pretty straightforward -- the biggest challenge would likely be coming up with a sensible user interface to allow RSPs to configure it with the minimal number of support requests.

--
Paul Chvostek <[EMAIL PROTECTED]>
Operations / Abuse / Whatever +1 416 598-0000
it.canada - hosting and development http://www.it.ca/
