× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 2011

RE: method to let user reset their own password

I saw two emails like this suggesting a web page to reset the password. The flow should be user requests password reset, email is sent, user clicks a link in the email, THEN the password is reset. The way it's worded below implies any user could reset any password. You don't want that. April Fools day would have hundreds of password resets!
--
Sean Porterfield


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Monnier, Gary
Sent: Friday, November 18, 2011 10:56
To: Midrange Systems Technical Discussion
Subject: RE: method to let user reset their own password

Lim,

You could also set up a Web page the user can use to request their profile be re-activated. The process sends the request to the system in question which then e-mails back a temporary password and/or notification their profile has been re-activated. Maybe a page that launches their client connection to the system in question?

You could do the same thing with a generic profile via 5250.

Gary

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Hockchai Lim
Sent: Friday, November 18, 2011 6:05 AM
To: midrange-l@xxxxxxxxxxxx
Subject: method to let user reset their own password

We don't have SSO/EIM setup in our shop. We are currently looking for a way to allow user to reset his/her own password without having to involve an iseries admin. Below is the only idea that comes to mind:
1) Create a login exit point program that will fire of an email to the user's email address on the last login attempt that caused the profile to be disabled.
2) The email I send to the user will have a very long link that uniquely identified the iseries user ID. When user accesses the email and clicks on the link, it will call a iseries program to reset the password.

Now, the challenge would be how to tie iseries UID to user's email address.


There is probably a better and more full prove solution out there already, so, I thought I ask before reinventing wheel..

thanks


This email is confidential, intended only for the named recipient(s) above and may contain information that is privileged. If you have received this message in error or are not the named recipient(s), please notify the sender immediately and delete this email message from your computer as any and all unauthorized distribution or use of this message is strictly prohibited. Thank you.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.