WebApp Sec mailing list archives
Re: Password Recovery (long) was Re: "Forgot Password" function
From: "Sverre H. Huseby" <shh () thathost com>
Date: Sat, 19 Oct 2002 18:22:40 +0200
Good read, Charles! I just have one comment: [Charles Miller] | Encrypted Email | =============== | | A secure channel method, sending an email encrypted with some | secret only known to the customer is possible, but is sufficiently | impractical that it only deserves one sentence here. If the user was allowed to upload or paste his PGP/GPG/whatever public key during registration, this isn't impractical at all, as I see it. Of course, most people don't have such a key. But at least we leave it to the user to decide if he wants to have the password encrypted rather than in clear text. Hopefully the password to activate the private key isn't the same as the password the user just forgot... ;-) Sverre. -- shh () thathost com Computer Geek? Try my Nerd Quiz http://shh.thathost.com/ http://nerdquiz.thathost.com/
Current thread:
- Re: "Forgot Password" function, (continued)
- Re: "Forgot Password" function David Bullock (Oct 18)
- Re: "Forgot Password" function Kevin Spett (Oct 18)
- Re: "Forgot Password" function Haroon Meer (Oct 18)
- Re: "Forgot Password" function Jeroen Latour (Oct 18)
- Re: "Forgot Password" function Chris Shepherd (Oct 18)
- Re: "Forgot Password" function Kevin Spett (Oct 18)
- Re: "Forgot Password" function Mark Curphey (Oct 18)
- Re: "Forgot Password" function Kevin Spett (Oct 18)
- Re: "Forgot Password" function Brecrost Jones (Oct 18)
- Password Recovery (long) was Re: "Forgot Password" function Charles Miller (Oct 19)
- Re: Password Recovery (long) was Re: "Forgot Password" function Sverre H. Huseby (Oct 19)
- Re: Password Recovery (long) was Re: "Forgot Password" function Charles Miller (Oct 19)
- Password Recovery (long) was Re: "Forgot Password" function Charles Miller (Oct 19)
- RE: "Forgot Password" function wsmith (Oct 18)
- RE: "Forgot Password" function Matthew_Chalmers (Oct 19)
- RE: "Forgot Password" function William Bartholomew (Oct 20)
- Re: "Forgot Password" function Kevin Spett (Oct 20)