|
Posted by Tim Awa  |
|
|
When doing password recovery, the system RESETS the password to a new value even without email confirmation.
With this, anybody who knows my email address can reset my password anytime without my consent. Maybe this feature can be improved. |
|
|
Posted by Herbert Poul  |
|
|
i don't see why anyone would do that.. except to be annoying ..
anyway .. i have created an issue for this: http://code.google.com/p/sct-project/issues/detail?id=123 although it has not a really high priority for me .. (it shouldn't be hard to implement a way where you get a secret URL emailed which then resets your password..) Hey, we have Signatures !!! Great, isn't it ? ;) |
Please login to post a reply.
