Re: Django password reset modification

2011-05-07 Thread Amanjeev Sethi
I second that. Email is the 'postcard' of the internet world. I wouldn't send plain text password through email(s) even while running HTTPS web based email services. On Sat, May 7, 2011 at 11:27 AM, Andy McKay wrote: > > On 2011-05-05, at 9:36 PM, Phui-Hock wrote: > > On

Re: Django password reset modification

2011-05-07 Thread Andy McKay
On 2011-05-05, at 9:36 PM, Phui-Hock wrote: > On May 6, 4:22 am, Shawn Milochik wrote: >> This is a bad idea for multiple reasons. Don't do it. > > Huh, care to explain, please? Because it means you are storing passwords in plain text. There are multiple posts on the

Re: Django password reset modification

2011-05-06 Thread Andre Terra
What you *can* do is e-mail the user with a link to reactivate his password, possibly requesting that he gives the right reply to a secret question. It's a good compromise between ease and security. On Fri, May 6, 2011 at 2:01 PM, DrBloodmoney wrote: > On Fri, May 6,

Re: Django password reset modification

2011-05-06 Thread DrBloodmoney
On Fri, May 6, 2011 at 12:36 AM, Phui-Hock wrote: > On May 6, 4:22 am, Shawn Milochik wrote: >> This is a bad idea for multiple reasons. Don't do it. > > Huh, care to explain, please? Please Please Please do not send plain text passwords via email.

Re: Django password reset modification

2011-05-05 Thread Phui-Hock
On May 6, 4:22 am, Shawn Milochik wrote: > This is a bad idea for multiple reasons. Don't do it. Huh, care to explain, please? -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to

Re: Django password reset modification

2011-05-05 Thread Shawn Milochik
This is a bad idea for multiple reasons. Don't do it. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to

Django password reset modification

2011-05-05 Thread Rich
Django framework comes with a reset password out of the box feature. I would like to modify this to where a password is sent to the user via e-mail. I looked at the code in django\contib\auth\views.py I'm not sure how I can modify it. Django Reset Password The Django framework comes with