-Dale
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
I recognize that not all web applications have the same requirements,
but I would bet that a good portion of non-intranet sites want to
protect user email addresses. If your application has this requirement,
consider changing the feedback from the password hint tool so that the
address to which the password is sent is not divulged to the person
requesting the hint.
- [appfuse-user] Possible Information leak Dale Newfield
- Re: [appfuse-user] Possible Information leak Matt Raible
