30 Apr
2007
30 Apr
'07
1:08 p.m.
Earnie Boyd wrote:
Quoting Ari Davidow aridavidow@gmail.com:
Include the links to user/password link (Request new password) in the mail. Create a user/remind_password link to have that in the mail instead. Just send the unencrypted password to the use.
Actually I have a client who knows his users so well, that he asked me to clear-text all the passwords... Yes, he IS aware of the consequences, but it allows him, amongst others, to send a username and a clear text password, with each mail that goes out to a user. Even without changing the whole login system, like we did, only keeping the original password in the user's data, allows you to do it.