Posted to dev@roller.apache.org by Gaurav <ga...@gmail.com> on 2013/12/13 14:12:08 UTC
Forgotten Passwords
Hello,

I was wondering about the forgotten passwords feature that is missing in
Roller. I found this issue is already in JIRA in the popular issues [1].
I am thinking of fixing this issue, as this is a major issue in case a
user loses their password. I am thinking of adding a new security
question field to the user registration form, where we can have some
default questions, and we can store the answer in the database. This
question can be used in case the user forgets the password.

I would like some starting help: how should I go about solving this issue?
Thanks in advance for any help.

[1] - https://issues.apache.org/jira/browse/ROL-9
--
Regards,
*Gaurav Saini*
/Developer, Digital Marketing and Pursuing B.Tech/
/Email: gauravsaini at gmail/
Re: Forgotten Passwords
Posted by Glen Mazza <gl...@gmail.com>.
Hi Gaurav, this is just a blog, not online banking, so I don't think we
should be storing security questions, as *that* becomes a security hole
(a bad guy blog administrator can gather bloggers' security answers by
reading the table and use *that* to go after bloggers' online banking
sites, etc.). In many cases blogs are either single-user or students at
a school (http://blogs.mervpolis.com/roller/), nothing serious, and the
blog admin can always change an individual blog's password if needed
even without ROL-9.

I think what we need is an ability to email a reset password for a given
email address (not the old real password, but a reset one that is some
random string, different for each request), *and* a blog-administration
level setting allowing/disallowing emailed password resets, so if this
option is disallowed for security reasons Roller will be back to what it
presently is, where only admins can reset passwords. Perhaps other
Apache webapp projects (JSPWiki? maybe some others) already have this
password reset functionality so Roller can copy that code over directly.

Regards,
Glen
On 12/13/2013 08:12 AM, Gaurav wrote:
> Hello,
>
> I was wondering about the forgotten passwords feature that is missing in
> Roller. I found this issue is already in JIRA in the popular issues [1].
> I am thinking of fixing this issue, as this is a major issue in case a
> user loses their password. I am thinking of adding a new security
> question field to the user registration form, where we can have some
> default questions, and we can store the answer in the database. This
> question can be used in case the user forgets the password.
>
> I would like some starting help: how should I go about solving this issue?
> Thanks in advance for any help.
>
> [1] - https://issues.apache.org/jira/browse/ROL-9
>
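
The emailed-reset design Glen describes (a random string that differs for each request, behind an admin-level allow/disallow setting), as an added Java sketch that is not part of the thread and is not Roller or JSPWiki code. The class name, the in-memory map standing in for a database table, the digest-only storage, the single-use rule and the 30-minute expiry are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added sketch, not Roller code; class, names and the 30-minute expiry are assumptions. */
public class PasswordResetSketch {
    private record Pending(byte[] digest, Instant expires) {}
    private static final SecureRandom RNG = new SecureRandom();
    private static final Duration LIFETIME = Duration.ofMinutes(30);
    private final boolean resetsAllowed; // admin-level allow/disallow setting
    private final Map<String, Pending> pending = new ConcurrentHashMap<>(); // stand-in for a table

    public PasswordResetSketch(boolean resetsAllowed) { this.resetsAllowed = resetsAllowed; }

    /** Returns the random string to email, or null when the admin has disabled resets. */
    public String request(String email) throws Exception {
        if (!resetsAllowed) return null;
        byte[] raw = new byte[32];
        RNG.nextBytes(raw); // fresh 256-bit value for every request
        String secret = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        // Keep only a digest, so reading the table yields nothing that can be replayed.
        pending.put(key(email), new Pending(sha256(secret), Instant.now().plus(LIFETIME)));
        return secret;
    }

    /** Succeeds at most once per issued string, and only before it expires. */
    public boolean redeem(String email, String secret) throws Exception {
        Pending p = pending.get(key(email));
        if (!resetsAllowed || p == null || Instant.now().isAfter(p.expires())) return false;
        // Constant-time comparison, then atomic removal so the string is single-use.
        return MessageDigest.isEqual(p.digest(), sha256(secret)) && pending.remove(key(email), p);
    }

    private static String key(String email) { return email.trim().toLowerCase(Locale.ROOT); }
    private static byte[] sha256(String s) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String who = "blogger@example.org"; // constructed sample address
        PasswordResetSketch on = new PasswordResetSketch(true);
        String a = on.request(who), b = on.request(who); // second request replaces the first
        System.out.println(!a.equals(b) + " " + on.redeem(who, a) + " " + on.redeem(who, b));
        System.out.println(new PasswordResetSketch(false).request(who));
    }
}
```

Unlike stored security answers, the table in this sketch holds only a short-lived digest of a one-time value, so an administrator reading it learns nothing reusable on other sites.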