portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Carlson" <dcarl...@ontogenics.com>
Subject generated URL in password confirmation
Date Wed, 01 Aug 2001 18:13:33 GMT
The email message produced for password confirmation currently includes the
user's password in the URL string.  I recommend removing it.  If fact, the
current implementation does not appear to need this password or the secretkey
parameter in the URL.  The current email contains this:

  You can go to the following URL to confirm your account:


<http://192.168.1.5/jetspeed/portal/template/ConfirmRegistration/username/test
/secretkey/ewxypgjdn1/password/test>

It could be shorted to this:

<http://192.168.1.5/jetspeed/portal/template/ConfirmRegistration/username/test
>



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message