[feature-proposal] Forgot password improvements

Caio Tiago Oliveira caiotiago at colivre.coop.br
Mon Nov 11 22:26:55 BRST 2013



On 11/11/2013 08:08 PM, Ewout ter Haar wrote:
> Only for those users who share (the value of) two identifiers that
> the admin of the noosfero instance chose to activate.

No, it won't. One user may abuse the system by trying values for one of
the fields and asking for the password reset instructions for each value.
Even showing public information in this case would mean a data
leak, since the matched value of the field could be private.

In other words, one attacker could get a name matching some CPF and
use that in some illicit transaction.

> Can we get some perspective, please? Some clear-headed balancing
> of the trade-offs?

Privacy and data security are more important than additional ways to
reset the password, since the email is already required.
How would it be possible to receive an email for password reset
without knowing the email in the first place?
If the user has multiple emails, he can make one try for each one.

I am not against allowing other fields, but I am strongly against
leaking private data.

But I would ask: if the user knows his email and he will have to check
it, why then ask for anything else?
The username is nice, because it is usually shorter than the email and
it's usually easier to remember the username when the user has more
than three or four emails. But username disclosure is something which
won't add any security concern.

Adding sensitive data to the allowed recovery fields and mapping it to
any information, even public, will expose that sensitive data.

Any kind of disclosure of sensitive data will have negative impacts on
the community and on the software. IMHO, that's a pretty bad trade-off.

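To make the leakage argument concrete, here is an added example (not code from the original post or from Noosfero) contrasting a reset lookup that echoes the matched record with one that answers identically for every input and only mails the address already on file. The user table, field names and CPF values are constructed placeholders.

```ruby
require 'securerandom'

# Constructed sample accounts; the CPF values are fake placeholders.
USERS = [
  { login: 'alice', email: 'alice@example.org', name: 'Alice A.', cpf: '000.000.000-01' },
  { login: 'bob',   email: 'bob@example.org',   name: 'Bob B.',   cpf: '000.000.000-02' }
].freeze

# Fields the instance admin chose to activate for recovery (the proposal's idea).
ENABLED_FIELDS = %i[login email cpf].freeze

def find_user(field, value)
  return nil unless ENABLED_FIELDS.include?(field)
  USERS.find { |u| u[field] == value }
end

# Leaky variant: the response differs between hit and miss and reveals who
# the value belongs to, so iterating over CPF values maps CPF -> name.
def leaky_reset(field, value)
  user = find_user(field, value)
  return { status: 'not_found' } unless user
  { status: 'sent', name: user[:name], email_hint: user[:email] }
end

# Hardened variant: one fixed response regardless of match; the token goes
# only to the registered email, which the requester must already control.
# `mailer` is a hypothetical callable (to, token) standing in for the app's
# mail queue so the effect is observable without a real SMTP server.
def safe_reset(field, value, mailer)
  user = find_user(field, value)
  mailer.call(user[:email], SecureRandom.hex(16)) if user
  { status: 'ok',
    message: 'If the account exists, instructions were sent to its registered email.' }
end

if __FILE__ == $PROGRAM_NAME
  outbox = []
  mailer = ->(to, _token) { outbox << to }
  puts leaky_reset(:cpf, '000.000.000-01').inspect   # discloses name and email
  puts safe_reset(:cpf, '000.000.000-01', mailer).inspect
  puts safe_reset(:cpf, '000.000.000-99', mailer).inspect  # same answer
  puts "mailed: #{outbox.inspect}"
end
```

A rate limit per source and per looked-up value still belongs in front of either handler; it narrows the brute-force window but does not by itself remove the disclosure in the leaky variant.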

