on 09-21-2011 10:13 PM
Hi,
Is there a way we can validate the user id (unique id) in the password reset guided procedure against the IDM database?
Right now if I even enter "a" in the unique id space, the guided procedure takes it and shows up some random questions. We want IDM to validate if the entered unique id is correct and if possible to only allow those IDs which have a profile set.
Please let me know how this can be achieved.
Thanks
Hi,
Although there is a verification that the user exists, this information is not revealed to the end user for security reasons.
If a non-existent ID is entered, random questions are given.
If the password reset would inform whether a user exists or not, you would be more vulnerable to attacks, as the attacker would actually know whether the given ID is legal.
Best regards
John erik Setsaas
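
The behaviour described in the answer above, sketched as an added example; this is not SAP IDM code and not part of the original thread. The question pool, the `PROFILES` store, `DECOY_KEY` and the function names are assumptions made for illustration. It derives the decoy questions for an unknown ID from a keyed hash, so that repeating the request returns the same questions and the response cannot be told apart from a real profile by asking twice.

```python
import hashlib
import hmac

# Constructed sample data; all names and values here are hypothetical.
QUESTION_POOL = [
    "What was the name of your first school?",
    "What is your mother's maiden name?",
    "What was your first pet called?",
    "In which city were you born?",
    "What was the model of your first car?",
    "What is your favourite book?",
]
# Existing users and the (sorted) pool indexes of their profile questions.
PROFILES = {"jsmith": [0, 3], "mdoe": [2, 5]}
DECOY_KEY = b"constructed-demo-key"  # assumption: a server-side secret in practice
QUESTIONS_PER_USER = 2


def decoy_indexes(unique_id):
    """Choose questions for an ID that has no profile.

    The choice is keyed with HMAC so it is stable per ID: a caller who
    repeats the request sees the same questions, as for a real user, and
    cannot predict them without the server-side key.
    """
    picked = []
    counter = 0
    while len(picked) < QUESTIONS_PER_USER:
        msg = f"{unique_id}:{counter}".encode()
        mac = hmac.new(DECOY_KEY, msg, hashlib.sha256).digest()
        idx = int.from_bytes(mac[:4], "big") % len(QUESTION_POOL)
        if idx not in picked:
            picked.append(idx)
        counter += 1
    return sorted(picked)  # same ordering convention as stored profiles


def start_reset(unique_id):
    """Return the same response shape whether or not the ID exists."""
    key = unique_id.strip().lower()
    indexes = PROFILES.get(key) or decoy_indexes(key)
    return {"status": "challenge",
            "questions": [QUESTION_POOL[i] for i in indexes]}


if __name__ == "__main__":
    for uid in ("jsmith", "a", "a"):
        print(uid, start_reset(uid))
```
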