An alternative method could be sending a mail with a link that lets the user access the system, or just the change password feature. Maybe something similar to the ExternalLoginKey.
In such a way the password cannot be changed by anyone other than the person who can access the registered mailbox.

-Bruno

2009/10/9 Jacques Le Roux <[email protected]>:
> Yes, in *your* mailbox. Is this a problem for you ?
> You can't prevent that if you want to give some flexibility.
> "You can't have the cake and eat it" ;o)
>
> Jacques
>
> From: "Angelo Matarazzo" <[email protected]>
>>
>> I suppose that in security.properties password.encrypt=true
>> and my username is "matarazzoa"
>>
>> I suppose that an ofbiz user knows my username and in this screen
>> https://demo904.ofbiz.org/ordermgr/control/forgotPassword
>> put my username matarazzoa and click "email password".
>>
>> Ofbiz system will change my password in userLogin entity and will send
>> this new password to my email address
>>
>> Has another user changed my password????
>>
>> Am I right?
>>
>> Thank you.
>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/forgot-password-and-email-password-tp25824734p25824734.html
>> Sent from the OFBiz - User mailing list archive at Nabble.com.
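
The link-based flow suggested at the top of this message, as an added example that is not part of the thread and is not OFBiz code: requesting a reset only mails a single-use, expiring token, and the stored password changes only when that token is redeemed. `ResetService`, its method names and `TOKEN_TTL` are hypothetical, and the returned token stands in for the link mailed to the registered address.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 15 * 60  # seconds a reset link stays valid (assumed policy)

def hash_password(password, salt=None):
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def check_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

class ResetService:  # hypothetical names, not the OFBiz API
    def __init__(self):
        self.users = {}    # username -> (salt, digest)
        self.pending = {}  # sha256(token) -> (username, expiry)

    def add_user(self, username, password):
        self.users[username] = hash_password(password)

    def request_reset(self, username, now=None):
        """Anyone may call this; it never touches the stored password."""
        now = time.time() if now is None else now
        if username not in self.users:
            return None  # the UI should answer identically either way
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).hexdigest()
        self.pending[key] = (username, now + TOKEN_TTL)  # only the hash is stored
        return token  # goes only into the mail to the registered address

    def redeem(self, token, new_password, now=None):
        """Change the password only for a valid, unexpired, unused token."""
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(key, None)  # pop makes the token single-use
        if entry is None or now > entry[1]:
            return False
        self.users[entry[0]] = hash_password(new_password)
        return True

    def login(self, username, password):
        rec = self.users.get(username)
        return rec is not None and check_password(password, *rec)
```

With this design, a third party who submits someone else's username causes a mail to be sent but cannot lock the account owner out of the current password.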
