Yes, but that's only increased convenience. I'm wondering exactly what security implications there are to our current system v. a token reset system.
*--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerro...@gmail.com On Fri, Aug 24, 2012 at 1:56 PM, Chad <innocentkil...@gmail.com> wrote: > On Fri, Aug 24, 2012 at 1:52 PM, Tyler Romeo <tylerro...@gmail.com> wrote: > > Wait a second. Concerning the password reset, currently it uses the > > user_newpassword field, which means the user is required to reset their > > password upon login. How is this any different than using a reset token, > > where the user supplies the reset token and changes their password? > > > > Well I assume we'd put the token in the url we give the user, > so they don't have to type anything in. > > -Chad > > _______________________________________________ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
