Hi, If I set the requiresQuestionAndAnswer = " false " then during the password recovery the password gets (reset) and emailed once the user provides a user name. This would be a problem as anyone can type someone's username and reset their password (big headache for the actual user).....
Posted to
Security
(Forum)
by
kasim
on
06-07-2007, 12:00 AM
Filed under: PasswordRecovery, security, Security Question and Answer