Hi Alex,

>> 1. When the user presses the reset pass button on a valid user, generate
>> a random password.
>> 2. Store it in a special field in the User object (rpass?) along
>> with the date on which that random pass was generated (rdate?)
>> 3. Send it to the user in an email like this:
>> Subject: Password reset for user (username) at (name-of-the-site)
>> ...
>
> The only problem I see is sending the new password in an unencrypted
> email.

From my experience, I consider generating a password and sending it in
an email very bad.  It happened to me once, when I set up an account with
a quite big VPS provider and they did this.  I sent them an email
complaining about it and they said it was standard practice and that I
shouldn't worry.  Only two weeks after I got the hosting with
them, they got hacked and all their servers were wiped out.  A lot of people
weren't happy.

On the other hand, as far as I remember, the "standard" picolisp way of
storing passwords in plain text and even sending them to the user
editing dialog is even worse.

I would suggest changing the standard picolisp password handling
completely.  Use bcrypt and store only a hash and salt.  Never send and
display the password anywhere, and for forgotten passwords use a simple
validation sequence.  You can try something like that at
http://logand.com/sw/ondoc/index.html after "Sign up" and then "Change
password".  The only way I can see this to be secured further would be
to use https.

Cheers,

Tomas
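An added example (not code from this thread or from PicoLisp) of the handling Tomas recommends: store only a salt and a slow hash, never the password, and handle forgotten passwords with a one-time, time-limited reset token instead of mailing a new password. Assumptions made here: bcrypt is not in Python's standard library, so hashlib.scrypt stands in for it (the storage pattern is identical); the field names rtoken_hash and rdate echo the quoted rpass/rdate proposal but hold a hash of the token, not a credential; TOKEN_TTL_SECONDS is a hypothetical link lifetime. The token only lives in the email and the user's browser, so a dump of the user table does not let anyone complete a reset.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

# Assumption: scrypt parameters chosen to stay under OpenSSL's default 32 MiB
# memory limit. bcrypt (as Tomas suggests) would be used the same way.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
TOKEN_TTL_SECONDS = 30 * 60  # hypothetical lifetime of a reset link


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salthex$hashhex'. Only this string is ever stored."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    recomputed = hash_password(password, bytes.fromhex(salt_hex)).split("$", 1)[1]
    return hmac.compare_digest(recomputed, digest_hex)


@dataclass
class User:
    name: str
    pw_hash: str
    rtoken_hash: Optional[str] = None  # SHA-256 of the reset token, never the token
    rdate: Optional[float] = None      # when the token was issued


def register(name: str, password: str) -> User:
    return User(name, hash_password(password))


def start_reset(user: User, now: Optional[float] = None) -> str:
    """Issue a one-time token. The caller mails the token; we keep only its hash.
    The token has 256 bits of entropy, so a fast hash suffices here."""
    token = secrets.token_urlsafe(32)
    user.rtoken_hash = hashlib.sha256(token.encode("ascii")).hexdigest()
    user.rdate = time.time() if now is None else now
    return token


def finish_reset(user: User, token: str, new_password: str,
                 now: Optional[float] = None) -> bool:
    """Accept the token once, within its lifetime, then set the new password."""
    now = time.time() if now is None else now
    if user.rtoken_hash is None or user.rdate is None:
        return False
    if now - user.rdate > TOKEN_TTL_SECONDS:
        user.rtoken_hash = user.rdate = None  # expired: discard it
        return False
    presented = hashlib.sha256(token.encode("ascii")).hexdigest()
    if not hmac.compare_digest(presented, user.rtoken_hash):
        return False
    user.pw_hash = hash_password(new_password)
    user.rtoken_hash = user.rdate = None  # single use
    return True


if __name__ == "__main__":
    u = register("alice", "correct horse")
    link_token = start_reset(u)  # this value goes into the email, nothing else
    print("stored:", u.pw_hash[:20] + "...", u.rtoken_hash[:16] + "...")
    print("reset ok:", finish_reset(u, link_token, "new password"))
    print("login ok:", verify_password("new password", u.pw_hash))
```

Note that neither the old nor the new password ever appears in a stored field or in the mail, and an attacker who reads the mail after the token has been used or has expired gets nothing.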