<div dir="ltr">For linux I dont know any...first I used BoUML and it was a mess...can you recommend some ?</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Sep 10, 2013 at 9:40 AM, Abbas Naderi <span dir="ltr"><<a href="mailto:abiusx@owasp.org" target="_blank">abiusx@owasp.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Yeah, create a docs folder on the repo and put them there.<div>Its a good idea to use a diagramming software, and not ms word though :D</div>
<div><span class="HOEnZb"><font color="#888888">-A</font></span><div class="im"><br><div>
<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">
<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">
<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">
<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">
<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">
<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">
<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">
<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">
<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">
<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">
<div style="font-weight:normal"><div>______________________________________________________________</div><div><b>Notice:</b><b> </b>This message is <b>digitally signed</b>, its <b>source</b> and <b>integrity</b> are verifiable.</div>
<div>If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at <a href="http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/" target="_blank">Certified E-Mail with Comodo and Thunderbird</a> in <a href="http://AbiusX.com" target="_blank">AbiusX.com</a></div>
</div></div></span></div></span></div></span></div></span></div></span></div></span></div></span></div></span></div></span></div></span>
</div>
<br></div><div><div class="h5"><div><div>On Sep 10, 2013, at 9:38 AM, rahul chaudhary <<a href="mailto:rahul300chaudhary400@gmail.com" target="_blank">rahul300chaudhary400@gmail.com</a>> wrote:</div><br><blockquote type="cite">
<div dir="ltr">For forgot password, there will be another controller.<div><br></div><div>Another question,</div><div>Is there any place I can put all these controller diagram files. Its not good to pass them in email because if someone edits one controller and sends it back, it would be a mess to keep an updated list.</div>

</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Sep 10, 2013 at 9:36 AM, Abbas Naderi <span dir="ltr"><<a href="mailto:abiusx@owasp.org" target="_blank">abiusx@owasp.org</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Don't forget to check for enumeration attacks. The URL for password resetting should not have anything related to the user, yet you can not expect the user to login for password reset (what if they have forgotten password!?).<div>

-Abbas<br><div>
<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">

<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">

<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">

<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">

<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">

<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">

<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">

<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">

<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">

<span style="border-spacing:0px;text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">

<div style="font-weight:normal"><div>______________________________________________________________</div><div><b>Notice:</b><b> </b>This message is <b>digitally signed</b>, its <b>source</b> and <b>integrity</b> are verifiable.</div>

<div>If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at <a href="http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/" target="_blank">Certified E-Mail with Comodo and Thunderbird</a> in <a href="http://abiusx.com/" target="_blank">AbiusX.com</a></div>

</div></div></span></div></span></div></span></div></span></div></span></div></span></div></span></div></span></div></span></div></span>
</div>
<br><div><div><div><div>On Sep 10, 2013, at 9:32 AM, rahul chaudhary <<a href="mailto:rahul300chaudhary400@gmail.com" target="_blank">rahul300chaudhary400@gmail.com</a>> wrote:</div><br></div></div><blockquote type="cite">

<div><div><div dir="ltr">Hello All,<div><br></div><div>Here is the password reset controller. Take a peek.<br clear="all"><div><br></div>-- <br><div>Regards,</div><div>Rahul Chaudhary</div><div>Ph - <a href="tel:412-519-9634" value="+14125199634" target="_blank">412-519-9634</a></div>


</div></div>
</div></div><span><Password Reset Controller.docx></span>_______________________________________________<br>OWASP_PHP_Security_Project mailing list<br><a href="mailto:OWASP_PHP_Security_Project@lists.owasp.org" target="_blank">OWASP_PHP_Security_Project@lists.owasp.org</a><br>

<a href="https://lists.owasp.org/mailman/listinfo/owasp_php_security_project" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp_php_security_project</a><br></blockquote></div><br></div></div></blockquote></div>

<br><br clear="all"><div><br></div>-- <br><div>Regards,</div><div>Rahul Chaudhary</div><div>Ph - <a href="tel:412-519-9634" value="+14125199634" target="_blank">412-519-9634</a></div>
</div>
</blockquote></div><br></div></div></div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div>Regards,</div><div>Rahul Chaudhary</div><div>Ph - 412-519-9634</div>
</div>