[Koha-bugs] [Bug 8753] Add forgot password link to OPAC

bugzilla-daemon at bugs.koha-community.org
Mon Nov 3 22:06:10 CET 2014


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8753

--- Comment #57 from M. de Rooy <m.de.rooy at rijksmuseum.nl> ---
Interesting! Just some thoughts: 
The SQL code in the opac-recovery script will not make it past QA. Please move
it to module level (in DBIx?). 
Can you unit test SendPasswordRecoveryEmail?

I would not mind a mail with a library password; other info is more sensitive.
If you can read/intercept the password from the mail, you can also read the
unique userid for the reset password form. Same result: a hacked account. This
approach is fine with me, feels safer but is not per se safer imo.

Thinking out loud: if you do not include sensitive keywords such as "password" in
your mail (so rename your script?), would that be a little safer? Would not
attract attention?
