Rank: Member
Joined: 1/3/2004(UTC)
Posts: 1,497
|
What is the intention of the password hint/answer? Since complex passwords are normally suggested, what is expected input to these fields? Some sites offer standard questions, like favorite restaurant, town of birth, etc. to help identify you when you try to reset a password. BV emails the new password to the registered email address. |
|
|
|
|
|
|
Rank: Member
Joined: 3/3/2006(UTC)
Posts: 1,737
|
I'm glad YOU asked this. ....been wondering the same thing. |
Optimists invent airplanes,
Pessimists buy parachutes. |
|
|
|
|
|
Rank: Member
Joined: 11/5/2003(UTC)
Posts: 1,786
|
Hint and answer were originally designed so that we could present customers with a challenge/response if they forgot their password and it was reversible encrypted or in cleartext. Late in the development cycle during a security review we realized that this could be an avenue of attack and it was not fully implemented. Clearly, we should be removing those fields from the registration page as they are not currently used but will most likely leave them on the admin side in case customers have used them to store other data.
|
|
|
|
|
|
Rank: Member
Joined: 12/23/2003(UTC)
Posts: 909
|
marcus, I'm digging up this old post.
what's the proper method to remove these fields from the registration page in the current application without affecting any functionality? |
|
|
|
|
|
|
Rank: Member
Joined: 11/5/2003(UTC)
Posts: 1,786
|
|
|
|
|
|
|
Rank: Member
Joined: 12/23/2003(UTC)
Posts: 909
|
all I needed to know!
thanks! |
|
|
|
|
|
|
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.