by drivebyacct2
5446 days ago
>i don't think 'generate password' is more vulnerable

No offense, but I listed reasons why it is more vulnerable.

>Also to make 'the link' more secure we need to verify the user identity.

What? No. That's completely wrong. You're inherently trusting the user's email address. Maybe make them answer a security question before sending the link, but otherwise, there's nothing else to secure. If the user can't log in, how do you plan to verify the user identity? And I have no idea what "need to store the user identity in the application" is supposed to mean...