I'm ok with password recovery, automated and manual. The automated process could be: 1) The user clicks the "I've lost my password" link and enter his username. 2) A random password reset hash code is generated and associated to the user_id and the current date in a (special) table. 3) The hash code is sent to the user's email. 4) The user access a special URL with the code in it, like http://example.org/passwordrecovery/ahx4bFj84DjunX0hax0r, in less than 24h. 5) The user sets his new password.
Do you agree with this method? -- Isra ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Translate-pootle mailing list Translate-pootle@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/translate-pootle