Timestamp:
01/07/09 02:02:43 (1 year ago)
Author:
madarche
Message:

Still increasing the reset request validity from 2h to 24h. 24h is a safe choice
and there's no need to be as strict on the validity slot as it used to be,
there's no security risk on that front.

Files:

  • CPS3/products/CPSDefault/trunk/MembershipTool.py

    r53329 r53332  
    6767    email_field = 'email' 
    6868    enable_password_reset = True 
    69     # 30 min is a minimum and 2 hours is a safe choice because greylisting 
    70     # techniques may hold back emails for quite some time. 
    71     reset_password_request_validity = 120*60 # 120 min 
     69    # 30 min is the strict minimum that should be set because greylisting 
     70    # techniques on SMTP servers may hold back emails for a certain amount of 
     71    # time. 24 hours is a safe choice. 
     72    reset_password_request_validity = 24*60*60 # 24 hours 
    7273    enable_password_reminder = False 
    7374
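
Review bot: The replacement comment at new lines 69-71 asserts "24 hours is a safe choice" but only justifies the lower bound (30 min, because of greylisting delays) and gives no reasoning for the upper bound. With `reset_password_request_validity` going from `120*60` to `24*60*60`, a reset email that is forwarded, left in a shared mailbox or otherwise exposed stays usable twelve times longer. Suggest stating in the comment what bounds that exposure, for example whether a reset request is single-use and whether it is invalidated once the password has been changed (neither is visible in this hunk), or keeping a shorter default and letting sites that see long greylisting delays raise it.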