In our company it was decided to send the password by email, on registration and on forgot password. I am asking if there could be some security issues with this?
Short answer is NO. It is not safe.
Furthermore, the server should NOT store the passwords in the DB in plain text, and the server should not keep them encoded/encrypted in a way that the password can be decoded/decrypted.
The server should handle the "forgot password" flow differently. You can read more here (Java project that implements all flows...):
https://github.com/OhadR/authentication-flows/tree/master/authentication-flows#forgot-password-flow
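An added example, not part of the original answer and not code from the linked project: a minimal Python sketch of what the answer asks for, keeping only a salted PBKDF2 hash of each password and handling "forgot password" with a single-use, expiring reset token that is mailed as a link instead of the password. The `AccountStore` class, its method names, the iteration count and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000        # assumed work factor for this sketch
RESET_TTL_SECONDS = 15 * 60        # assumed reset-token lifetime

def hash_password(password, salt=None):
    # One-way derivation: the stored digest cannot be turned back into the password.
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def _token_key(token):
    # Only a hash of the reset token is kept, so a DB leak does not expose live tokens.
    return hashlib.sha256(token.encode()).hexdigest()

class AccountStore:                # hypothetical in-memory stand-in for the DB
    def __init__(self):
        self.users = {}            # email -> (salt, digest), never the password
        self.resets = {}           # sha256(token) -> (email, expires_at)

    def register(self, email, password):
        self.users[email] = hash_password(password)

    def login(self, email, password):
        # Unknown users still cost one hash, then fail the constant-time compare.
        salt, digest = self.users.get(email, (b"", b""))
        return hmac.compare_digest(hash_password(password, salt)[1], digest)

    def request_reset(self, email, now=None):
        """Return a one-time token to mail as a link, or None for unknown accounts."""
        if email not in self.users:
            return None
        token = secrets.token_urlsafe(32)
        expires = (time.time() if now is None else now) + RESET_TTL_SECONDS
        self.resets[_token_key(token)] = (email, expires)
        return token

    def complete_reset(self, token, new_password, now=None):
        entry = self.resets.pop(_token_key(token), None)   # pop makes it single use
        if entry is None:
            return False
        email, expires = entry
        if (time.time() if now is None else now) > expires:
            return False
        self.users[email] = hash_password(new_password)
        return True
```

The `now` parameter exists only so expiry can be exercised deterministically; a caller would normally omit it.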
Storing passwords in a human readable format anywhere cannot be considered as safe. But most of the service providers send passwords via email so it is the choice the system administrator needs to make.
I managed to find a solution for sending an email with a file attached.
But I would like to set Gmail as the standard email client and not let the user choose.
It lets the user choose the client, which I would like to skip.
How can I do that or where can I find that information?
Seems hard to find it..
It is ridiculous how no one says anything but instead rates this question down.
The image itself describes the objective:
If someone doesn't understand, I want to create a register box which registers the g+ email into a database with the respective user's data.
It's called OAuth. Usually we use an external provider (such as Google, Facebook, GitHub, etc.) to identify the user, so you don't have to. The user doesn't have to give you his password, because you use access tokens to request the user's data from the provider's server:
You can read more and find implementations here.
In the image, you probably see Google's OAuth2 service.
So let's say there is a piece of software where a user can create a username/password and log in with that.
Now, I want to let the user change the password only if they can enter the system password. I got this idea from Google Chrome, where you have to enter the system password to view the saved password.
Is there any way to achieve this?
As everyone has pointed out, this is a bad idea. However, if you understand the risks and you are sure you really want to do this:
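    Imports System.DirectoryServices.AccountManagement

    ' password holds the value the user typed; it is not defined in this snippet
    Dim valid As Boolean = False
    Using context As New PrincipalContext(ContextType.Domain)
        ' True only if the current user's name and this password authenticate
        valid = context.ValidateCredentials(Environment.UserName, password)
    End Using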
This assumes the machine is on a domain. If it is not and you want to validate against the local machine, then change ContextType.Domain to ContextType.Machine.
Also, you will need to add a reference to System.DirectoryServices.AccountManagement.
Neither will be public.
I want a really minimal user registration, that gets people the most connected to my site.
Can you think of pros or cons to this?
I don't like it. A person's email address can be guessed (usually firstname.lastname at something), and their phone number can be looked up by name using a reverse lookup 411 website.
Usernames and passwords should not be correlated at all with any third value. In your case, if I guess that someone belongs to your site and guess their email address (or search for it online), then I am one lookup away from possibly having their password.
Maybe a silly question, I just hope not...
I have a SaaS application and the next feature is to send every week (if the client ticks the box) a report.
Actually, I do that with my mail server. I retrieve the data from the DB and for each client, I generate an email and I send the email. The emails are different for each client.
I just want to know if it's possible to do that with MailChimp API.
Thanks
Bastien
I am answering my own question after a reply from the MailChimp team.
So using MailChimp is not the way to do what I want. But they propose the Mandrill service, which is exactly for this kind of stuff, transactional email.
There are a lot of specific services for that, like SendGrid or Mailjet too.
Bastien