Comments (5)
hasbai
commented on August 27, 2024
用户应当自行设置密码,不建议前端随机设置密码,这会给用户“我的密码被人操控”的心理暗示。而且将明文密码发送邮件的做法没有先例,也不够安全,明文密码应当尽可能少地出现。
另外提出 issue 请遵照 issue 模板
from backend.
singularity-s0
commented on August 27, 2024
自行设置密码要求一步额外操作,不应该强制用户做这件事。
这会给用户“我的密码被人操控”的心理暗示
不太能理解,而且用户理应知道平台本来就可以修改用户密码
将明文密码发送邮件的做法没有先例
有部分服务在重置密码时会将生成的随机密码发送至邮箱。如果担心用户邮箱安全性不够,那么本来也可以通过邮箱重置密码,这种担心没有意义。
from backend.
hasbai
commented on August 27, 2024
- 可以给用户选择是自行设置密码还是由应用程序随机生成密码
- 只有在用户同意的情况下,平台才能修改密码
- 如果是常用密码的话泄露后对用户的损害极大,不发送密码邮件则无这样的隐患
总之,用户拥有设置其密码的权利,也有记住其密码的义务,这个责任不应由我们来承担。
from backend.
singularity-s0
commented on August 27, 2024
1 可以
3 随机生成的密码不可能是常用密码,不会有隐患
理论上用户应该记住其密码,但实际上用户不会这么做,从用户体验的角度考虑应该由我们承担责任。
“你不能甩锅给用户”
from backend.
hasbai
commented on August 27, 2024
可行的方案是:后端开放邮件接口,前端仅在随机生成密码时调用该接口发送密码邮件
from backend.
Related Issues (20)
- 推送通知经常会卡住 HOT 1
- 拆分 api.py 与 models.py HOT 1
- No protect for dev branch? HOT 6
- GET /reports 分页返回 HOT 1
- 自动识别敏感话题的机制 HOT 5
- Websocket 通知服务无法连接 HOT 1
- 管理员操作应留下操作记录 HOT 1
- 隐藏功能
- 置顶帖子不应该重复出现在常规信息流中
- 密码邮件应自动发送给新注册用户,而不是由前端调用API发送
- 即使用户没有APNS或者MiPush token,服务器依然会发送推送请求
- signals 单元测试
- Message API Bug HOT 1
- 用户无权将消息标记为已读 HOT 1
- Floor增加字段,表明它是Hole的第几层楼
- 修改分区信息返回的division中的pinned中的hole里面缺失floor字段
- 添加用户调整自己所发的树洞所在分区的功能
- 关键词屏蔽功能 HOT 2
- 有概率无法登录(返回404) HOT 4
- 邮件有概率无法发送 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from backend.