Password retriever application/tool
Hi...,
We have an application where the user can clink on "Forgot My password" link to retrieve his/her password. Right now we do ask a security question as set by the user when the user enters the user id.
But going forward we want to send an email to the user with a link , so that the user can click on the link & then is asked the security question. This is to make sure that we do not expose the security question to the user directly after entering the user id.
Secondly, to make it more secure, how do I put a image verification , so that the user enters the text shown in the image before he/she does anything.
This is being currently used by google & other applications.
Regards,
Praveen
[749 byte] By [
pmohanana] at [2007-11-27 7:35:08]
# 1
Hi,1) Using the JavaMail API you can send mails, with the link and message to the user.2) The image is called as CAPTCHA, there is an open source called JCAPTCHA; I think you can use that for telling machines and humans apart.Regards,Aparajith
# 2
Hi...Aparajith,
Thanks a lot!!
Just another question. Within that link along with the user's email address I want to keep a unique identifier which is randomly generated.
https://www.domain.com?userid=abc@xyz.com&id=xz123458090sdfsdf0897890sd8fdsfdsfsdfdsf
So that when the user clicks on it the unique id & userid are verified & then the user is allowed to proceed further.
Are there any tools available or do we have to hand code them.
Regards,
Praveen
# 4
Hi Praveen,As ejp said, SecureRandom should help in this point.You can use a hashmap for storing the values, it can be used for verifying with the user id when required.Regards,Aparajith
