Project: Drupal Version: 4.5.2 Component: user system Category: feature requests Priority: critical Assigned to: Anonymous Reported by: brlcad Updated by: brlcad Status: patch Attachment: http://drupal.org/files/issues/pass_alt.diff (6.12 KB) This patch adds a field to the user table for storing an alternate password. When a password request is made, the alternate password is set instead of clobbering the existing password. This allows the user to discard the regenerated password e-mail, preserving the existing password. This also prevents abuse whereby any anonymous user can repeatedly reset user passwords potentially entirely blocking access to a site, e.g. a curl shell script that repeatedly posts a password reset request for all accounts. Iff the alternate password is used for authentication, the alternate password becomes the main password. If the main password is set (e.g. admin user form), the alternate password is unset. The patch was made against DRUPAL-4-5-2. Cheers! Sean brlcad -- View: http://drupal.org/node/16909 Edit: http://drupal.org/project/comments/add/16909