Sha256: 8e4a49f356c28d42abfac0a53c52ed1d4563fe3029a9daa1cc7e78bb39305a1b

Contents?: true

Size: 881 Bytes

Versions: 47

Compression:

Stored size: 881 Bytes

Contents

= New Features

* create_account_set_password? and verify_account_set_password?
  configuration methods have been added to the create_account and
  verify_account features.  Setting:
  
    verify_account_set_password? true

  in your rodauth configuration will change Rodauth so that instead
  of asking for a password on the create account form, it will ask for
  a password on the verify account form.

  This can fix a possible issue where an attacker creates an account
  for a user with a password the attacker knows.  If the user clicks
  on the link in the verify account email and clicks on the button on
  the verify account page, the attacker would have have a verified
  account that they know the password to.

  By setting verify_account_set_password? to true, you can ensure that
  only the user who has access to the email can enter the password for
  the account.

Version data entries

47 entries across 47 versions & 1 rubygems

Version Path
rodauth-2.36.0 doc/release_notes/1.15.0.txt
rodauth-2.34.0 doc/release_notes/1.15.0.txt
rodauth-2.33.0 doc/release_notes/1.15.0.txt
rodauth-2.32.0 doc/release_notes/1.15.0.txt
rodauth-2.31.0 doc/release_notes/1.15.0.txt
rodauth-2.30.0 doc/release_notes/1.15.0.txt
rodauth-2.29.0 doc/release_notes/1.15.0.txt
rodauth-2.28.0 doc/release_notes/1.15.0.txt
rodauth-2.27.0 doc/release_notes/1.15.0.txt
rodauth-2.26.1 doc/release_notes/1.15.0.txt
rodauth-2.26.0 doc/release_notes/1.15.0.txt
rodauth-2.25.0 doc/release_notes/1.15.0.txt
rodauth-2.24.0 doc/release_notes/1.15.0.txt
rodauth-2.23.0 doc/release_notes/1.15.0.txt
rodauth-2.22.0 doc/release_notes/1.15.0.txt
rodauth-2.21.0 doc/release_notes/1.15.0.txt
rodauth-2.20.0 doc/release_notes/1.15.0.txt
rodauth-2.19.0 doc/release_notes/1.15.0.txt
rodauth-2.18.0 doc/release_notes/1.15.0.txt
rodauth-2.17.0 doc/release_notes/1.15.0.txt