On Thu, Sep 27, 2012 at 1:25 PM, Bob Sneidar <[email protected]> wrote:
> This should be a lesson to all developers. ALWAYS give users a way to
> change their password.

Bob, I don't think this is true. If the encrypted information is sensitive then, in my humble opinion, having a way to change their password without providing the current one is a security vulnerability. I think that the convenience of being able to forget the password you set is not worth the risk of somebody else getting the data by doing the same procedure.

Of course, this only holds for sensitive data; for common stuff this is more than reasonable and desired. For example, if my browser bookmarks are encrypted, having such a feature would be great, but if we're talking about an app that collects stuff as sensitive as my credit card passwords then nothing should ever touch that without the password.

--
http://www.andregarzia.com -- All We Do Is Code.
http://fon.nu -- minimalist url shortening service.
