[pmwiki-users] A robust user registration module

V.Krishn vkrishn at insteps.net
Mon May 24 23:35:52 CDT 2010


On Tuesday 25 May 2010 4:52:43 am Wordit Ltd wrote:
> On Mon, May 24, 2010 at 11:17 PM, V.Krishn <vkrishn at insteps.net> wrote:
> > I am guessing $secret is set by admin in some php file.
>
> config.php would be a good place.
>
> > Then secret would become permanent till those users exists,
> > and admin would not be able to change the secret when compromised.
>
> You can change a line in config.php whenever you like.
>
> > But then this would not be an issue as $password /s cannot easily be
> > known.
>
> If config.php is compromised then it's probably game over anyway.
> That's not really an issue in this context, just standard security for
> pmwiki and your web server.
>

Somehow I think sha1($email.$username.$password) should be sufficient.
Secondly,
As no user info(including email) is stored on server,
what would be the method to resend new password when lost?

>
> Marcus
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users

-- 
Regards,
V.Krishn



More information about the pmwiki-users mailing list