This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests
are now tracked at the issue tracker at GitHub.
Closed
Won't implement
FS#2688 "send password" feature exposes system
ACL & Authentication
2013-01-12
Currently anyone can request a resend of a password. This feature should be limited to a human to whom the account belongs. The account owner's mailbox can be flooded (limited DoS), and the corresponding mail provider's spam protection can be triggered.
Add captcha to ensure "human origin".
Add dialogue with challenge that is only known by the account owner (i.e. email address).
I recommend orienting the procedures on those of the big players (Google, Facebook, Amazon, ...).
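
One way to implement the second suggestion above (a challenge known only to the account owner, here the registered email address), as an added example that is not DokuWiki's code. The function names, the user table and the `$outbox` array standing in for the mailer are hypothetical.

```php
<?php
// Added example, not DokuWiki code. All names here are hypothetical.

const RESEND_REPLY = 'If the details match an account, a mail has been sent.';

/** Lower-case and trim so " Alice@Example.org" equals "alice@example.org". */
function normalizeEmail(string $email): string
{
    return strtolower(trim($email));
}

/**
 * Handle a "send password" request that must carry the account's email
 * address as a challenge. $users maps login => registered email;
 * $outbox stands in for the mailer and collects the addresses mailed.
 */
function handleResendRequest(array $users, string $login, string $emailChallenge, array &$outbox): string
{
    $known = array_key_exists($login, $users);
    // Unknown logins are compared against a dummy address so that both
    // paths perform the same comparison.
    $registered = normalizeEmail($known ? $users[$login] : 'nobody@invalid.example');
    $matches = hash_equals($registered, normalizeEmail($emailChallenge));

    if ($known && $matches) {
        $outbox[] = $registered; // real code would send the mail here
    }
    // Same reply on every path: the form does not reveal whether the login
    // exists or whether the challenge was correct.
    return RESEND_REPLY;
}

// Constructed sample data.
$users  = ['alice' => 'alice@example.org'];
$outbox = [];

$r1 = handleResendRequest($users, 'alice', 'guess@example.org', $outbox);   // wrong challenge
$r2 = handleResendRequest($users, 'mallory', 'alice@example.org', $outbox); // unknown login
$r3 = handleResendRequest($users, 'alice', ' Alice@Example.org', $outbox);  // account owner

var_dump($r1 === $r2 && $r2 === $r3); // whether all three replies are identical
var_dump($outbox);                    // addresses that were actually mailed
```

Mail leaves the system only when the login exists and the supplied address matches the registered one, so a requester who knows just the login name cannot trigger mail to the owner's mailbox.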