[OWASP_PHPSEC] Password Reset Controller

rahul chaudhary rahul300chaudhary400 at gmail.com
Tue Sep 10 13:38:25 UTC 2013

For forgot password, there will be another controller.

Another question,
Is there any place I can put all these controller diagram files? It's not
good to pass them in email because if someone edits one controller and
sends it back, it would be a mess to keep an updated list.

On Tue, Sep 10, 2013 at 9:36 AM, Abbas Naderi <abiusx at owasp.org> wrote:

> Don't forget to check for enumeration attacks. The URL for password
> resetting should not have anything related to the user, yet you cannot
> expect the user to log in for password reset (what if they have forgotten
> their password!?).
> -Abbas
> On Sep 10, 2013, at 9:32 AM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
> Hello All,
> Here is the password reset controller. Take a peek.
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
>  <Password Reset Controller.docx>
> _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project

Rahul Chaudhary
Ph - 412-519-9634
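
The constraint Abbas raises above (a reset URL that carries nothing tied to the user, usable without logging in) can be met with an opaque random token. The following is an added example, not code from this thread or from the OWASP PHPSEC project; the function names, the in-memory `$store` standing in for a database table, the 15-minute lifetime and the `app.example` URL are all assumptions.

```php
<?php
// Added example; all names are hypothetical, not OWASP PHPSEC APIs.
// $store stands in for a table: sha256(token) => [user id, expiry time].

const RESET_TTL = 900; // seconds a reset link stays valid (assumed value)

function requestReset(array $users, array &$store, string $email, int $now): array
{
    $token = null;
    if (isset($users[$email])) {
        // The token is pure randomness; nothing in it derives from the account.
        $token = bin2hex(random_bytes(32));
        // Only the hash is stored, so a leaked table does not yield live links.
        $store[hash('sha256', $token)] = ['uid' => $users[$email], 'exp' => $now + RESET_TTL];
    }
    // The page shown is identical whether or not the address is registered.
    $page = 'If that address is registered, a reset link has been sent.';
    // The link is delivered by e-mail only; its sole parameter is the token.
    $link = $token === null ? null : 'https://app.example/reset?t=' . $token;
    return ['page' => $page, 'mail' => $link];
}

function redeemReset(array &$store, string $token, int $now): ?int
{
    $key = hash('sha256', $token);
    $row = $store[$key] ?? null;
    unset($store[$key]); // single use, removed even when expired
    if ($row === null || $row['exp'] < $now) {
        return null;     // same failure for unknown, used and expired tokens
    }
    return $row['uid'];  // caller may now accept a new password for this user
}

// Constructed sample data.
$users = ['alice@example.test' => 7];
$store = [];
$now   = time();

$known   = requestReset($users, $store, 'alice@example.test', $now);
$unknown = requestReset($users, $store, 'nobody@example.test', $now);
var_dump($known['page'] === $unknown['page']); // pages match for both addresses
parse_str(parse_url($known['mail'], PHP_URL_QUERY), $query);
var_dump(array_keys($query));                  // parameters present in the URL
var_dump(redeemReset($store, $query['t'], $now)); // first use of the token
var_dump(redeemReset($store, $query['t'], $now)); // second use of the same token
```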