The page forgotpass.php should come with catcha feature to prevent abusing it
Bug #1728473 reported by
Son Nguyen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
High
|
Unassigned | ||
16.10 |
Fix Released
|
High
|
Unassigned | ||
17.04 |
Fix Released
|
High
|
Unassigned | ||
17.10 |
Fix Released
|
High
|
Unassigned | ||
18.04 |
Fix Released
|
High
|
Unassigned |
Bug Description
Version: master
Hi Maharians,
In the page "Forgotten your username or password?", I would have a catcha form or similar feature to prevent the abuse.
Also the error message should be generic such as "Sorry, invalid data." or "An email has been (will shortly be) sent to ... Please follow the instruction in it".
Changed in mahara: | |
importance: | High → Wishlist |
information type: | Private Security → Public Security |
To post a comment you must log in.
Hi Son,
They are good points you make - will fix up asap
Cheers
Robert