a. pgp encrypt the e-mail if the app knew your public key
From a theoretical standpoint, that's pretty cool. Pragmatically speaking, it's too much :) Expecting people to have a pgp key to be able to (securely) recover their password is a little over-the-top. Most people are going to ignore that option, so for the majority of the users no security is gained.
I agree. Overkill but cool. But, I think that it is cool enough to implement. It would just require that we add a field to the members database to hold the public key (or even better, a link to it) and make it an optional field during member creation and modification. Then, if a user requests their password mailed to them, and there is a public key in the database, we can encrypt the email. If anyone wants to implement this I think it would be neat (albeit uber-geeky).
Those interested in the development of the website should go join http://lists.pdxruby.org/mailman/listinfo/pdxruby-dev (As this discussion really belongs there) -- Caleb Phillips IT Specialist Small White Cube _______________________________________________ PDXRuby mailing list [email protected] IRC: #pdx.rb on irc.freenode.net http://lists.pdxruby.org/mailman/listinfo/pdxruby
