WebApp Sec mailing list archives
Re: Example of the worst passwd recovery interface
From: Christopher Canova <ccanova () reachone com>
Date: Thu, 04 Aug 2005 08:02:26 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Saqib Ali wrote:
"However the web page also displays the email address to which the reminder was sent."
This is another example of how diligent web developers must be to protect a user's privacy. This also has other setbacks such as the ability to farm email addresses for spammers. Has someone notified their web development team? Christopher Canova ccanova () reachone com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC8i4CvE+JJ/srsxoRAv9sAKC/GHeWvJLiLpO4XZZCZAemFuCCwQCgqnJu IB3W2p2kTf5CPVVI9TDEh8Y= =wCP7 -----END PGP SIGNATURE-----
Current thread:
- Example of the worst passwd recovery interface Saqib Ali (Aug 03)
- RE: Example of the worst passwd recovery interface Marc Heuse (Aug 04)
- RE: Example of the worst passwd recovery interface Irene Abezgauz (Aug 04)
- Re: Example of the worst passwd recovery interface Saqib Ali (Aug 11)
- Re: Example of the worst passwd recovery interface Saqib Ali (Aug 04)
- RE: Example of the worst passwd recovery interface Irene Abezgauz (Aug 04)
- Re: Example of the worst passwd recovery interface Christopher Canova (Aug 04)
- Re: Example of the worst passwd recovery interface Yousef Syed (Aug 04)
- Re: Example of the worst passwd recovery interface Javier Fernandez-Sanguino (Aug 05)
- <Possible follow-ups>
- RE: Example of the worst passwd recovery interface Wall, Kevin (Aug 06)
- RE: Example of the worst passwd recovery interface Marc Heuse (Aug 04)