[OWASP_PHPSEC] Password Reset Controller

Abbas Naderi abiusx at owasp.org
Tue Sep 10 13:36:28 UTC 2013


Don't forget to check for enumeration attacks. The URL for password resetting should not have anything related to the user, yet you cannot expect the user to log in for a password reset (what if they have forgotten their password!?).
-Abbas
______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If your mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body. Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

On Sep 10, 2013, at 9:32 AM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:

> Hello All,
> 
> Here is the password reset controller. Take a peek.
> 
> -- 
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
> <Password Reset Controller.docx>

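The point raised in the reply above, shown as an added example that is not part of the original thread or the project's code: a reset flow whose URL carries only an opaque random token and whose request step answers identically for known and unknown addresses. All function names, the in-memory stores, the host name and the 30-minute lifetime are assumptions made for illustration.

```php
<?php
// Added example, not project code. $users and $resets are constructed
// in-memory stand-ins for database tables; all names are hypothetical.
$users  = ['alice@example.test' => ['id' => 1]];   // constructed sample account
$resets = [];                                      // token hash => [user_id, expires]

const RESET_TTL  = 1800; // seconds a reset link stays valid (assumed value)
const SAME_REPLY = 'If that address is registered, a reset link has been sent.';

// Step 1: anyone may submit an address without being logged in. The reply is
// identical whether or not the account exists, so it cannot enumerate users.
function requestReset(string $email, array $users, array &$resets, array &$outbox): string
{
    $key = strtolower(trim($email));
    if (isset($users[$key])) {
        $token = bin2hex(random_bytes(32));        // 256-bit opaque token
        // Store only a hash, so a leaked table does not yield usable links.
        $resets[hash('sha256', $token)] = [
            'user_id' => $users[$key]['id'],
            'expires' => time() + RESET_TTL,
        ];
        // The URL carries the token and nothing else: no id, name or email.
        $outbox[] = [$key, 'https://app.example.test/reset?token=' . $token];
    }
    return SAME_REPLY;
}

// Step 2: the user is resolved from the token server-side, never from the URL.
function redeemReset(string $token, array &$resets): ?int
{
    $hash = hash('sha256', $token);
    if (!isset($resets[$hash])) {
        return null;                               // unknown or already used
    }
    $row = $resets[$hash];
    unset($resets[$hash]);                         // single use
    return $row['expires'] >= time() ? $row['user_id'] : null;
}

$outbox = [];                                      // stand-in for the mail queue
$a = requestReset('alice@example.test', $users, $resets, $outbox);
$b = requestReset('nobody@example.test', $users, $resets, $outbox);
var_dump($a === $b);                               // compares the two replies
$token = substr($outbox[0][1], strpos($outbox[0][1], '=') + 1);
var_dump(redeemReset($token, $resets));            // first use of the link
var_dump(redeemReset($token, $resets));            // replay of the same link
```

Response timing can still differ between the two branches; queueing the mail send instead of doing it inline narrows that gap.
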