Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Password Reset Best Practice?

0 views
Skip to first unread message

pbd22

unread,
Jun 29, 2009, 2:28:19 PM6/29/09
to
Hi.

Could somebody outline what the best steps are for password
reset on a site? I notice often that when I request a password
reset from another site, they send an guid of some sort eg:
click on the following link: http://www.xxx.com/passwordreset/some_token=d8sfsdhsdsdfsdf9sdf8sdfshh;

How exactly is this working on the back end and is this approach
the best?

Thanks.

Ed Murphy

unread,
Jun 29, 2009, 8:26:19 PM6/29/09
to
pbd22 wrote:

This is off-topic here. If I knew what web front-end you were
using, then I could suggest one or more other newsgroups where
this question would be on-topic.

pbd22

unread,
Jun 29, 2009, 11:10:15 PM6/29/09
to

I am using C#/ASP.NET 3.5 MS SQL Server 2005

I am not sure that this is (completely) off topic as I am mostly
interested
in the significatnce of the tolken presented to the user and how it is
used
in the user's table structure to allow him to replace his password.
Namely,
what is the description of those tables?

Thanks again.

Jamal

unread,
Jul 9, 2009, 1:20:15 AM7/9/09
to
They encrypt the url with some data that your Aspx password reset page
would have to decrypt the passed querystring, then you determine what to do
next. The encypted may include UserID and link expiration date, etc.

Google for ASP.NET URL encryption and you shall find lots of info.

This has nothing to do with SQL except may be the code that saves the
password...

Jamal

"pbd22" <dus...@gmail.com> wrote in message
news:2c5e473e-6fbd-48d5...@j12g2000vbl.googlegroups.com...

0 new messages