[
https://issues.apache.org/jira/browse/JSPWIKI-159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12637357#action_12637357
]
Janne Jalkanen commented on JSPWIKI-159:
----------------------------------------
Allowing login credentials for password recovery is a problem, since that means
that you could be subjected to a denial-of-service attack. Say, have a bot
reset your password every few minutes.
The name with which you edit the wiki pages is visible in every page edit...
Also, changing your email address is probably easier than abandoning your
account and starting again.
> Getting an new password is only possible for one user per mail address
> ----------------------------------------------------------------------
>
> Key: JSPWIKI-159
> URL: https://issues.apache.org/jira/browse/JSPWIKI-159
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication&Authorization
> Reporter: Florian Holeczek
>
> If there's more than one user with a given email address, it's only possible
> for one of these users to get a new password via email.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
