On Thursday 18 April 2002 08:46 pm, Luke Opperman wrote: > Passwords: We're using md5 hashes. If a user loses their > password, we generate a new one and ask them to change it > once they login.
I think it's Amazon that generates a URL for you instead of a new password. You click on it and set a new password. The URL has a long, funky code in it that is for your account only. It's basically the same idea as password generation, but the code is generally longer since you're not likely to give users an excessively long password. I plan on taking this approach. I'll get the code from MiscUtils.Funcs.uniqueId and put it in the user's account. > Credit Cards: PGP pairs. But I've got a question specific > to WebWare here: > > We're in the middle of our first CC site in Webware, and > have been logging/emailing errors on other sites. However, > when an error occurs the form fields are logged/emailed as > part of the exception report. > > Which leads to a problem: the CC number/info are sent > plaintext in the emails. So, what are you guys doing for > this? Would it be possible to have someway in Webware to > set some form fields that are NOT logged/emailed? You're in luck because I have the same problem. So I'll look into this. :) -Chuck _______________________________________________ Webware-discuss mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webware-discuss
