cse-fire / fire / issues / #103 - Should password reset links expire — Bitbucket

Issue #103 resolved

Gregoire Detrez created an issue 2016-02-02

They tend to accumulate in the roster and it might make sens security wise. What would be a good delay? 48h?

Comments (4)

Gregoire Detrez reporter
- assigned issue to
  
  Gregoire Detrez
- 2016-02-02T16:56:17+00:00
Evgeny Kotelnikov
We should also remove the link right after a successful password reset.
- 2016-02-02T16:59:13+00:00
Gregoire Detrez reporter
It looks like this is already done here
- 2016-02-02T22:36:06+00:00
Gregoire Detrez reporter
- changed status to resolved
Remove password-resets after 48 hours [fix ~~#103~~]

Add an in-process task scheduler and use it to remove expired password-reset urls from the database (where expired = older than 48 hours)

→ <<cset 0f13e66a053a>>
- 2016-02-04T17:56:59+00:00
Log in to comment

Assignee: Gregoire Detrez

Type: bug

Priority: minor

Status: resolved

Component: –

Milestone: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!