On Wed, 25 Jul 2007 18:39:03 -0500, James Bennett wrote: > On 7/25/07, Patrick Anderson <[EMAIL PROTECTED]> wrote: >> Anyway, why not reset password for a logged-in user only? Maybe I've >> look at the code too briefly, and there might be a reason for iterating >> through users_cache, but that approach sounds safer to me. > > Since the form accepts an email address as input, it could run into > problems if multiple users share a single email address -- if it just > looked up a single user with get(), for example, it'd end up throwing an > AssertionError. An alternate approach of instead asking for the username > might work, but is probably undesirable from a usability perspective > because people are far more likely to remember their email addresses > than their usernames ;)
I see. Yes, that is possible. I guess this issue has many variables. In the worst case scenario, the other user(s) will get an email with a reset password and a link to change it :) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---