Or... Ask for the subscriber ID (line number), and if valid, ask for the registered email address (making the visitor supply two pieces of information). Maybe have them set a secret question like favorite dog too, before the email will be generated and sent to them.

On Thu, Apr 15, 2010 at 2:57 PM, Mossman, Paul (Paul) <[email protected]> wrote:
> Hi all,
>
> Regarding XX-6764 [1], I have an objection to this feature as described:
>
> "On the login screen there shall be a link that allows recovering the
> password. Upon activation sipXconfig generates a new password for the User ID
> entered, stores that new password in the system, and sends an email to the
> email address registered for the user that includes the new password."
>
> This would allow anyone with IP access to invalidate the current PIN of any
> known user. That could be very disruptive.
>
> The "Forgot PIN" link should instead email the User a "secret" link, which
> can then be used to set a new PIN. That would make it considerably more
> difficult for a malicious person to erase a User's PIN.
>
> I also think this functionality should not be available for any User with
> Administration permission, and/or no defined email address.
>
> Thoughts?
>
>
> -Paul
> [email protected]
>
>
> [1] http://track.sipfoundry.org/browse/XX-6764 Provide password recovery
> mechanism
>
> _______________________________________________
> sipx-dev mailing list [email protected]
> List Archive: http://list.sipfoundry.org/archive/sipx-dev
> Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
> sipXecs IP PBX -- http://www.sipfoundry.org/
>

--
======================
Tony Graziano, Manager
Telephone: 434.984.8430
Fax: 434.984.8431
Email: [email protected]

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
Fax: 434.984.8427
Helpdesk Contract Customers: http://www.myitdepartment.net/gethelp/

Why do mathematicians always confuse Halloween and Christmas?
Because 31 Oct = 25 Dec.
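
The flow proposed in the quoted message (email a secret link, leave the current PIN untouched until the link is used, refuse administrators and users with no email address), sketched in Python as an added example that is not part of the thread or of sipXconfig. The class, field names, URL and 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 900  # assumed lifetime of a reset link, in seconds


class ResetService:
    """Hypothetical "Forgot PIN" handler; an in-memory dict stands in for the user store."""

    def __init__(self, users):
        self.users = users   # user_id -> {"pin": str, "email": str, "admin": bool}
        self.pending = {}    # user_id -> (sha256 of token, expiry time)
        self.outbox = []     # (email, link) pairs standing in for the mail sender

    def request_reset(self, user_id, now=None):
        """Handle a click on "Forgot PIN". The stored PIN is never modified here."""
        now = time.time() if now is None else now
        user = self.users.get(user_id)
        # Unknown users, administrators and users without an email get no link.
        if user and user["email"] and not user["admin"]:
            token = secrets.token_urlsafe(32)
            # Keep only a hash, so a leaked table does not yield usable links.
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[user_id] = (digest, now + TOKEN_TTL)
            link = f"https://pbx.example.invalid/reset?u={user_id}&t={token}"
            self.outbox.append((user["email"], link))
        # Identical reply in every case: the caller cannot probe for valid IDs.
        return "If the account is eligible, a reset link has been emailed."

    def redeem(self, user_id, token, new_pin, now=None):
        """Set a new PIN only when the emailed token is presented in time."""
        now = time.time() if now is None else now
        entry = self.pending.get(user_id)
        if entry is None:
            return False
        digest, expiry = entry
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if now > expiry or not hmac.compare_digest(digest, supplied):
            return False
        del self.pending[user_id]              # single use
        self.users[user_id]["pin"] = new_pin   # a real store would hash this
        return True
```

A request from anyone with IP access now costs the user at most an unwanted email; the PIN changes only when the emailed token comes back.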
