Note that in the future SQL passwords will be hashed as well (NXP-5039). Florent
On Wed, Apr 7, 2010 at 7:19 PM, Olivier Grisel <[email protected]> wrote: > On 7 April 2010 19:10, Thierry Delprat <[email protected]> wrote: >> Hi, >> Feel free to contribute such a module, that's an easy one to get started :) >> Tiry >> > > Note: if you use LDAP has a backend, a password reminder will not be > possible to implement since password are hashed for security reasons. > Even if you use the default SQL configuration for storing users in a > DB the SQLDirectory implementations might not allow to fetch the > password for the same reason. > > IMHO it is better to directly implement a password "reseter" feature > that regenerate a new password after an email confirmation (using a > temporary random token to be passed in the reset link URL send in to > the user in her email). > > -- > Olivier > _______________________________________________ > ECM mailing list > [email protected] > http://lists.nuxeo.com/mailman/listinfo/ecm > To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm > -- Florent Guillaume, Director of R&D, Nuxeo Open Source, Java EE based, Enterprise Content Management (ECM) http://www.nuxeo.com http://www.nuxeo.org +33 1 40 33 79 87 _______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
