The email message produced for password confirmation currently includes the
user's password in the URL string. I recommend removing it. If fact, the
current implementation does not appear to need this password or the secretkey
parameter in the URL. The current email contains this:
You can go to the following URL to confirm your account:
<http://192.168.1.5/jetspeed/portal/template/ConfirmRegistration/username/test
/secretkey/ewxypgjdn1/password/test>
It could be shorted to this:
<http://192.168.1.5/jetspeed/portal/template/ConfirmRegistration/username/test
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
