[OWASP_PHPSEC] Password Reset Controller

Abbas Naderi abiusx at owasp.org
Tue Sep 10 14:08:24 UTC 2013


There's something named Dia, I think.
______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If your mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

On Sep 10, 2013, at 9:42 AM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:

> For Linux I don't know any... first I used BoUML and it was a mess... can you recommend some?
> 
> 
> On Tue, Sep 10, 2013 at 9:40 AM, Abbas Naderi <abiusx at owasp.org> wrote:
> Yeah, create a docs folder on the repo and put them there.
> It's a good idea to use diagramming software, and not MS Word though :D
> -A
> 
> 
> On Sep 10, 2013, at 9:38 AM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
> 
>> For forgot password, there will be another controller.
>> 
>> Another question,
>> Is there any place I can put all these controller diagram files? It's not good to pass them in email because if someone edits one controller and sends it back, it would be a mess to keep an updated list.
>> 
>> 
>> On Tue, Sep 10, 2013 at 9:36 AM, Abbas Naderi <abiusx at owasp.org> wrote:
>> Don't forget to check for enumeration attacks. The URL for password resetting should not have anything related to the user, yet you cannot expect the user to log in for password reset (what if they have forgotten their password!?).
>> -Abbas
>> 
>> On Sep 10, 2013, at 9:32 AM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
>> 
>>> Hello All,
>>> 
>>> Here is the password reset controller. Take a peek.
>>> 
>>> -- 
>>> Regards,
>>> Rahul Chaudhary
>>> Ph - 412-519-9634
>>> <Password Reset Controller.docx>
>>> _______________________________________________
>>> OWASP_PHP_Security_Project mailing list
>>> OWASP_PHP_Security_Project at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>> 
>> 
>> 
>> 
>> -- 
>> Regards,
>> Rahul Chaudhary
>> Ph - 412-519-9634
> 
> 
> 
> 
> -- 
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
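
The enumeration point raised in the thread (a reset URL that carries nothing user-related, for a user who cannot log in) can be sketched as follows. This is an added example, not code from the thread or from the OWASP PHPSEC project; the function names, the in-memory `$store`, the 15-minute lifetime and the `app.example` URL are assumptions made for illustration.

```php
<?php
// Added illustration; requestReset, redeemReset and $store are hypothetical names.
const RESET_TTL = 900; // seconds a reset link stays valid (assumed value)

/** Handle "forgot password": the response is the same whether or not the account exists. */
function requestReset(array &$store, array $users, string $email, int $now): array
{
    $token = bin2hex(random_bytes(32)); // opaque random value, carries no user data
    $mail = null;                       // unknown address: nothing stored, nothing sent
    if (isset($users[$email])) {
        // Keep only a hash, so a leaked token table cannot be turned back into links.
        $store[hash('sha256', $token)] = ['user' => $users[$email], 'exp' => $now + RESET_TTL];
        $mail = "https://app.example/reset?token=$token"; // body of the e-mail to send
    }
    // The HTTP response never reveals which branch ran.
    return ['response' => 'If the address is registered, a reset link has been sent.',
            'mail' => $mail];
}

/** Redeem a token: looked up by hash only, expiring, and usable once. */
function redeemReset(array &$store, string $token, int $now): ?int
{
    $key = hash('sha256', $token);
    $row = $store[$key] ?? null;
    unset($store[$key]); // burn the token on first presentation, expired or not
    if ($row === null || $row['exp'] < $now) {
        return null;
    }
    return $row['user']; // the caller may now let this user set a new password
}

// Constructed sample data.
$users = ['alice@example.com' => 17];
$store = [];
$now = time();
$known = requestReset($store, $users, 'alice@example.com', $now);
$unknown = requestReset($store, $users, 'nobody@example.com', $now);
var_dump($known['response'] === $unknown['response']); // compare the two responses
parse_str(parse_url($known['mail'], PHP_URL_QUERY), $q);
var_dump(redeemReset($store, $q['token'], $now)); // first redemption
var_dump(redeemReset($store, $q['token'], $now)); // replay of the same token
```

Response timing can still differ between the two branches; queuing the e-mail for asynchronous delivery narrows that gap.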
