PDA

View Full Version : email of lost pass


twoseven
04-26-2004, 06:57 PM
is there a way to block specific usergroups from requesting a lost password?
well let me rephrase that would anyone be willing to share the method i was hacked a few weeks ago through this method and would like to fill that security hole.

eclectica
04-27-2004, 10:55 AM
I would like to see a hack made in which the administrator is informed whenever a member resets his password by way of email. I am concerned that someone would get their email "hijacked", such as is easily done with the use of a Hotmail account that has not been used for a while and is returned to the public domain. Then someone could use the same email account and take over the user's account. Imagine if it is the account of an administrator or moderator, and you would have troubles.