Follow-up Comment #3, sr #107281 (project administration):
I'm reimplementing this particular function (user e-mail change verification)
in the next Savane.
Wrt predicatable identifiers, what about storing 2 random numbers in the DB,
one for confirmation and one for cancellation?
Other code tend to use MD5 and combine user information such as username,
etc., but I fail to see the increased security compared to a good old, plain
64 bits random number.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?107281>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
