[EMAIL PROTECTED] wrote:

> My question is how I can do something similar to prevent the password
> change page?
> 
> The password change page is open to role anonymous because when a new
> user is entered in the system, password expired is set to a past date to
> force the user to change the password the first time.
> 
> Are there any best practices to handle changes of passwords?

Hi Gunnar

It would probably be useful to include a CAPTCHA image on the change
password page. That way it stops any automated attack.

Cheers
Ben

_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer