| commit | 70690ee7411cda5be2095f88415f1fa89d36f367 | |
| author | Kyle J. McKay <mackyle@gmail.com> | |
| Wed, 16 Apr 2014 11:32:14 +0000 (16 04:32 -0700) | ||
| committer | Kyle J. McKay <mackyle@gmail.com> | |
| Wed, 16 Apr 2014 12:55:15 +0000 (16 05:55 -0700) | ||
| tree | 2ad51ebe961dd6b00b996668ee5346778aee67e3 | treesnapshot (tar.gz zip) |
| parent | acd44bb7a50c7bc3d0d7ea65e47a89f780a5a41d | commitdiff |
pwproj.cgi: instead of resetting the password send an auth code
Allowing the project password to be reset by anyone invites abuse.
Instead of actually resetting the password to a random value, send
an authorization code that allows the password to be changed.
Although it's still possible for random individuals to generate
these authorization code emails, now all the project admin has to
do is ignore them rather than dealing with a changed password.
Allowing the project password to be reset by anyone invites abuse.
Instead of actually resetting the password to a random value, send
an authorization code that allows the password to be changed.
Although it's still possible for random individuals to generate
these authorization code emails, now all the project admin has to
do is ignore them rather than dealing with a changed password.
| cgi/pwproj.cgi | diffblobblamehistory |