bira
Sun 14th May '00, 7:29am
This is a major security problem.
Why on earth does it allow the user to choose his\her own password upon registration? This way, there is no substance to the e-mail check. A user can make up a ficticious e-mail address when registaring - what does he\she care: they already have a username and password.
I didn't realize this until now, and as far as I am concerned this is a HUGE problem.
I BEG you to to provide a hack to this PLEASE. Without this, I have absolutely zero way of knowing if a user had used a valid e-mail address.
This is really bad... :(
p.s.
And don't tell me the activation link solves that, because the syntax of the activation link is a joke -- once you've seen it you know how to type it in the address bar without waiting for the e-mail to arrive.
I'm so depressed by this... I've been excited about switching to vB all weekend and this is such a setback :(
[Edited by bira on 05-15-2000 at 02:38 AM]
Why on earth does it allow the user to choose his\her own password upon registration? This way, there is no substance to the e-mail check. A user can make up a ficticious e-mail address when registaring - what does he\she care: they already have a username and password.
I didn't realize this until now, and as far as I am concerned this is a HUGE problem.
I BEG you to to provide a hack to this PLEASE. Without this, I have absolutely zero way of knowing if a user had used a valid e-mail address.
This is really bad... :(
p.s.
And don't tell me the activation link solves that, because the syntax of the activation link is a joke -- once you've seen it you know how to type it in the address bar without waiting for the e-mail to arrive.
I'm so depressed by this... I've been excited about switching to vB all weekend and this is such a setback :(
[Edited by bira on 05-15-2000 at 02:38 AM]