[Catalog-sig] UPDATE: PyPI - Python Package Index

Richard Jones rjones@ekit-inc.com
Fri, 8 Nov 2002 08:10:37 +1100


On Fri, 8 Nov 2002 5:18 am, Thomas Heller wrote:
> Richard, a small additional thing:
>
> You always seem to do GET requests.
>
> This means, for requesting a login, the initial password
> is part of the URL, and chances are high that this URL will show up
> in someone's referrer logs. Not nice, IMO.

Oops, you're absolutely correct, the registration form should perform a POST. 
This is why I have "people who aren't me" testing it out, to find the obvious 
glaring problems :)


> Oh, and it seems I've locked myself out somehow:
> The password isn't accepted any more, when trying to request a new
> password the server says 'email address unknown to me',
> when trying to create a new user account (username theller), it says
> 'user "theller" already exists'.

I need to implement a second form of password resetting, using the model 
SourceForge uses: given a username, send an email to the user's address with 
an OTK which, when passed back to the server, will reset the password.


   Richard
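
The username-keyed one-time-key reset described in the message above, sketched as an added example that is not part of the original e-mail or of PyPI's code. The class name `ResetKeys`, the `TOKEN_TTL` value, the in-memory dictionaries and the sample address are assumptions made for illustration; setting the new password after a successful `redeem` is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # seconds a key stays valid (assumed value)


class ResetKeys:
    """In-memory one-time-key store; a real service would persist this."""

    def __init__(self, users, clock=time.time):
        self.users = users    # username -> {"email": ...}
        self.pending = {}     # username -> (sha256 hex of key, expiry time)
        self.clock = clock

    def issue(self, username):
        """Look the account up by username and return (email, key) to mail."""
        user = self.users.get(username)
        if user is None:
            return None
        key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Only a digest is stored, so a leaked table yields no usable keys.
        digest = hashlib.sha256(key.encode()).hexdigest()
        # A new request replaces any older outstanding key.
        self.pending[username] = (digest, self.clock() + TOKEN_TTL)
        return user["email"], key

    def redeem(self, username, key):
        """True exactly once, for the current unexpired key of this user."""
        entry = self.pending.get(username)
        if entry is None:
            return False
        digest, expires = entry
        if self.clock() > expires:
            del self.pending[username]
            return False
        supplied = hashlib.sha256(key.encode()).hexdigest()
        if not hmac.compare_digest(digest, supplied):
            return False
        del self.pending[username]  # single use: consumed on success
        return True


if __name__ == "__main__":
    # Constructed sample account; the address is a placeholder.
    store = ResetKeys({"theller": {"email": "theller@example.invalid"}})
    email, key = store.issue("theller")
    print("mail to", email, "first use:", store.redeem("theller", key),
          "replay:", store.redeem("theller", key))
```

The key should be submitted back in a POST body rather than a query string, for the same referrer-log reason raised earlier in the thread.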