[pmwiki-users] A robust user registration module
vkrishn at insteps.net
Mon May 24 23:35:52 CDT 2010
On Tuesday 25 May 2010 4:52:43 am Wordit Ltd wrote:
> On Mon, May 24, 2010 at 11:17 PM, V.Krishn <vkrishn at insteps.net> wrote:
> > I am guessing $secret is set by admin in some php file.
> config.php would be a good place.
> > Then secret would become permanent till those users exist,
> > and admin would not be able to change the secret when compromised.
> You can change a line in config.php whenever you like.
> > But then this would not be an issue as $password /s cannot easily be
> > known.
> If config.php is compromised then it's probably game over anyway.
> That's not really an issue in this context, just standard security for
> pmwiki and your web server.
Somehow I think sha1($email.$username.$password) should be sufficient.
As no user info (including email) is stored on the server,
what would be the method to resend new password when lost?
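An added illustration, not code from this thread or from PmWiki: it contrasts the unkeyed sha1($email.$username.$password) with a keyed HMAC over the same fields, and shows the point raised in the quoted text, that changing $secret invalidates tokens issued under the old value. The function names, the length-prefixed field encoding and the sample values are assumptions.

```php
<?php
// Added example; assumes the token is derived from the user's own fields and
// that nothing about the user is stored on the server, as the thread describes.

// Unkeyed form quoted in the message above.
function token_unkeyed(string $email, string $username, string $password): string {
    return sha1($email . $username . $password);
}

// Keyed form: $secret stands for the admin-set value in config.php.
// Each field is length-prefixed so field boundaries are part of the input.
function token_keyed(string $secret, string $email, string $username, string $password): string {
    $msg = '';
    foreach ([$email, $username, $password] as $field) {
        $msg .= strlen($field) . ':' . $field;
    }
    return hash_hmac('sha256', $msg, $secret);
}

// Constant-time comparison of a presented token against the recomputed one.
function verify_keyed(string $secret, string $token, string $email, string $username, string $password): bool {
    return hash_equals(token_keyed($secret, $email, $username, $password), $token);
}

// Constructed sample values.
$email = 'alice@example.org';
$user  = 'alice';
$pass  = 'correct horse';
$oldSecret = 'constructed-secret-1';
$newSecret = 'constructed-secret-2';

// 1. Plain concatenation: both calls hash the same byte string even though
//    the email/username split differs. The keyed, length-prefixed form
//    hashes two different byte strings for the same pair of inputs.
var_dump(token_unkeyed('a@b.org', 'xalice', 'pw') === token_unkeyed('a@b.orgx', 'alice', 'pw'));
var_dump(token_keyed($oldSecret, 'a@b.org', 'xalice', 'pw') === token_keyed($oldSecret, 'a@b.orgx', 'alice', 'pw'));

// 2. Secret rotation: a token issued under the old secret is checked first
//    against the old secret, then against the new one.
$issued = token_keyed($oldSecret, $email, $user, $pass);
var_dump(verify_keyed($oldSecret, $issued, $email, $user, $pass));
var_dump(verify_keyed($newSecret, $issued, $email, $user, $pass));
```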