d2jsp
Log InRegister
d2jsp Forums > d2jsp > General Help > Site Suggestions >
Poll > A Flawed Part Of The System > E-mail Recovery -> Login
12Next
Add Reply New Topic New Poll
  Guests cannot view or vote in polls. Please register or login.
Member
Posts: 34,395
Joined: Dec 6 2007
Gold: 880.12
Nov 19 2012 02:52pm
It's short, and can be redundant, but it's a safety feature nonetheless.

I have "require gold password to login" enabled. I forgot my password, and I deleted my cookies, logging me out of d2jsp. When I recovered it, it did not ask me for my gold password to recover, and yet when I reset the password, it immediately logged me back in.

It's redundant, but I feel it's still a (possible) security loophole.

The Suggestion:
- Require it so that even when you do an e-mail recovery, gold password is required to get on if you have that feature enabled.
Member
Posts: 72,812
Joined: Apr 11 2007
Gold: 3.00
Trader: Trusted
Nov 19 2012 02:55pm
Makes sense if you have it set for gold password.

Voted yes.
Member
Posts: 28,849
Joined: Mar 8 2010
Gold: 2,570.91
Nov 19 2012 06:49pm
Quote (Djsem @ Nov 19 2012 09:55pm)
Makes sense if you have it set for gold password.

Voted yes.


I agree
Member
Posts: 34,395
Joined: Dec 6 2007
Gold: 880.12
Nov 22 2012 02:59pm
Member
Posts: 18,261
Joined: Feb 23 2009
Gold: 298.95
Nov 22 2012 03:00pm
Yes
Member
Posts: 34,395
Joined: Dec 6 2007
Gold: 880.12
Nov 27 2012 08:49am
Member
Posts: 34,395
Joined: Dec 6 2007
Gold: 880.12
Nov 30 2012 10:19am
Member
Posts: 24,688
Joined: Jul 10 2008
Gold: 0.01
Warn: 10%
Nov 30 2012 11:30am
you have my yes. i think it should be as you suggest.
Member
Posts: 70,459
Joined: Feb 3 2006
Gold: 28,299.69
Nov 30 2012 11:36am
Sounds like a good idea to me, yeah.
Member
Posts: 34,395
Joined: Dec 6 2007
Gold: 880.12
Dec 2 2012 01:27pm
Go Back To Site Suggestions Topic List
12Next
Add Reply New Topic New Poll