master
Petr Stefan 8 years ago
parent 2df1d04278
commit 8bb0317a6a

@ -531,33 +531,33 @@ solution was found.
### Forgotten password ### Forgotten password
With authentication and some sort of dealing with passwords is related problem With authentication and some sort of dealing with passwords is related a problem
with forgotten passwords. People easily forget them and there has to be some with forgotten credentials, especilly passwords. People easily forget them and
kind of mechanism to retrieve new password or change old one. Problem is it there has to be some kind of mechanism to retrieve a new password or change the
cannot be done in totally secure way but we can at least come quite close to it. old one. Problem is that it cannot be done in totally secure way, but we can at
But lets start from the beginning there are ways to handle that which are least come quite close to it. First, there are absolutely not secure and
absolutely not secure and recommendable, for example sending old password recommendable ways to handle that, for example sending the old password through
through email. Better solution but still not secure is to generate new one and email. A better, but still not secure solution is to generate a new one and
again send it through email. This solution was provided in CodEx, users had to again send it through email. This solution was provided in CodEx, users had to
write email to administrator who generated new password and sent it back to write an email to administrator, who generated a new password and sent it back
sender. This simple solution could be also automated but administrator had quite to the sender. This simple solution could be also automated, but administrator
a big control over whole process which might come in handy there could be some had quite a big control over whole process. This might come in handy if there
additional checkups for example, but on the other hand it can be quite time could be some additional checkups for example, but on the other hand it can be
consuming. quite time consuming.
Probably the best solution which is quite used and fairly secure is following. Probably the best solution which is often used and is fairly secure is
Lets consider only case in which all users have to fill email addresses into following. Let us consider only case in which all users have to fill their
system and these addresses are safely in the hands of the right users. At the email addresses into the system and these addresses are safely in the hands of
beginning user finds out that he/she does not remember password after that user the right users. When user finds out that he/she does not remember a password,
requests password reset and fill in his/her unique identifier, it might be email he/she requests a password reset and fill in his/her unique identifier; it might
or unique nickname. Based on matched user account system generates unique access be email or unique nickname. Based on matched user account the system generates
token and sends it user email address. Tokens should be time limited and usable unique access token and sends it user via email address. This token should be
only once so they cannot be misused. User then takes token or address which was time limited and usable only once, so it cannot be misused. User then takes the
provided in email and go to system in appropriate section, where new password token or URL address which is provided in the email and go to the system's
can be set. After that user can sign in with his new password. As stated this appropriate section, where new password can be set. After that user can sign in
solution is quite safe and user can handle it on its own administrator does not with his/her new password. As previously stated, this solution is quite safe and
have to worry about it. That is why this approach was chosen to be used in user can handle it on its own, so administrator does not have to worry about it.
ReCodEx. That is the main reason why this approach was chosen to be used in ReCodEx.
### Evaluation unit executed by ReCodEx ### Evaluation unit executed by ReCodEx
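Review bot: The rewritten paragraph still carries a typo and two agreement errors, and the "quite safe" claim would be more defensible with one more condition stated. In the first paragraph "especilly passwords" should read "especially passwords". In the second paragraph, "he/she requests a password reset and fill in his/her unique identifier" should be "fills in", "sends it user via email address" should be "sends it to the user's email address", and "takes the token or URL address which is provided in the email and go to the system's appropriate section" should be "goes to". Since the paragraph rests the security of the whole scheme on the token being "time limited and usable only once", it would be worth adding in the same sentence that the token must also be unguessable (generated from a cryptographically secure random source), because a predictable token defeats both limits; the sentence "this solution is quite safe" then reads as justified.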
