[Bb-trac] Re: [bbPress] #779: proposal for user selected password
during registration
bbPress
bb-trac at lists.bbpress.org
Sat Apr 25 20:49:44 GMT 2009
#779: proposal for user selected password during registration
--------------------------+-------------------------------------------------
Reporter: _ck_ | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 1.0-beta
Component: Registration | Version: 1.0-beta (trunk)
Severity: normal | Resolution:
Keywords: |
--------------------------+-------------------------------------------------
Comment (by nightgunner5):
This should be an option, defaulting to user-selected passwords on new
installs and random passwords on preexisting bbPress installations.
Storing the activation key in a hash does not prevent a hacker with access
to the database from doing anything. They can simply remove the key from
accounts they wish to activate.
I think the verification should be a random 16 character string of capital
letters, lowercase letters, numbers and a few symbols that aren't
"special" for URLs (% and & are out of the question).
The main problem would be that this would either add a few queries on each
login or change the bb_users table schema (which is connected to
WordPress/BackPress, so probably the first option).
--
Ticket URL: <http://trac.bbpress.org/ticket/779#comment:4>
bbPress <http://bbpress.org/>
Innovative forum development
More information about the Bb-trac
mailing list