Hi José,

> 1. When the user presses the reset pass button on a valid user, generate
> a random password.
> 2. Store it in a special field in the User object (rpass?) along
> with the date on which that random pass was generated (rdate?)
> 3. Send it to the user in an email like this:
> Subject: Password reset for user (username) at (name-of-the-site)
> ...

Thanks, this sounds reasonable.

The only problem I see is sending the new password in an unencrypted
email. Shouldn't be a big risk, I suppose. Otherwise, we could extend
the user account so that everyone can deposit his public key, and enable
this password reset functionality only for people who have done so.

Cheers,
- Alex