gnuherds-app-dev

Re: Hide email validation in "Lost password" page? -- Security bug


From: Victor Engmark
Subject: Re: Hide email validation in "Lost password" page? -- Security bug
Date: Thu, 19 Apr 2007 13:40:28 +0200

On 4/19/07, Davi Leal <address@hidden> wrote:
> Victor Engmark wrote:
> > Davi Leal wrote:
> > > > Why "E1_"? Anyway, I'd call it LastPasswordRetrieval or just
> > > > PasswordRetrieval (less clear). Separates the information from the
> > > > function(s), which could be several.
> > >
> > > About the field name, I propose a new one:
> > >
> > >         E1_LastAbuseTime   timestamp,
> > >
> > > We will be able to use that field for both the "lost password" page and the
> > > login pages. It can be used to register the last time an operation of
> > > login or lost password has been requested for a user.  What do you think?
> >
> > I still think it's better to give it a name according to what the field
> > contains (which is not the last time the account was abused), rather than
> > tie it to the first function using the data from that field.
>
> The field will contain the last time stamp of the lost-password or login
> forms use, for such entity. What do you think about it?
>
>             E1_LastTimeStamp  timestamp,

If the table is named something like PasswordRetrieval, yes. It should be obvious from the table and column name what it contains.

--
Victor Engmark
Quidquid latine dictum sit, altum videtur - What is said in Latin, sounds profound