Issue 87: Make password reset more secure
http://code.google.com/p/django-hotclub/issues/detail?id=87
New issue report by gromph99:
What steps will reproduce the problem?
1. request a password reset: /account/password_reset/
2. observer plain text password in email
What is the expected output? What do you see instead?
It would be better if pinax sent a link with a temporary key in it to
return to the password reset page. Then have the user enter a new password
on the page.
Please provide any additional information below.
In general I'd like to see the login system be as secure as possible, such
as using https, secure login cookies, and other modern security measures.
Issue attributes:
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"pinax-updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/pinax-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
