Closed Bug 291669 Opened 20 years ago Closed 18 years ago

Changing password should not send an email containing the new password

Categories

(addons.mozilla.org Graveyard :: Developer Pages, defect, P5)

Product:
addons.mozilla.org Graveyard
Component:
Developer Pages
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: chuonthis, Unassigned)

References

(
URL
)

Details

Attachments

(2 files)

Change to different include
818 bytes, patch
morgamic
: first-review-
Details | Diff | Splinter Review
new include
1.27 KB, patch
morgamic
: first-review-
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050422 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050422 Firefox/1.0+

After a user changes his password, an email titled "Your New Mozilla Update
Password" is sent containing the new password in plaintext.  This is quite
undesireable.  A better alternative would just be a "Your Mozilla Update
password has been changed" email that says, "Your password has been changed.  If
you did not change your password, <insert things to do>.  Thanks and have a
peachy day."

Reproducible: Always

Steps to Reproduce:
Status: UNCONFIRMED → NEW
Ever confirmed: true
Target Milestone: 1.0 → 1.1

        Attachment #181680 -
        Flags: first-review?(mike.morgan)

    
    

    
  

      
      
      
      

        Attached patch
          
          
        new includeSplinter Review
      

    


  

        Attachment #181681 -
        Flags: first-review?(mike.morgan)

    
  
Status: NEW → ASSIGNED

    
    

    
  
I think this could be accomplished without adding a new file and duplicating code.  
Could you try to do this by flagging re-using the same file with an option to
display or not display the pw based on whether or not it is a 'forgotten
password' email?

    
    

    
  
Comment on attachment 181680 [details] [diff] [review]
Change to different include

Adding another include is not necessary.

        Attachment #181680 -
        Flags: first-review?(mike.morgan) → first-review-

    
    

    
  
Comment on attachment 181681 [details] [diff] [review]
new include

Adding another include is not necessary.

        Attachment #181681 -
        Flags: first-review?(mike.morgan) → first-review-

    
  
Target Milestone: 1.1 → 2.0

    
    

    
  
Mass change - bugs to be read / (re)confirmed.
Assignee: Bugzilla-alanjstrBugs → nobody
Status: ASSIGNED → NEW
Priority: -- → P5

    
    

    
  
AMO bugspam. Correcting QA contacts on OLD bugs (mozilla.update@update.bugs)

-> Correct QA contact (developers@add-ons.bugs)

Filtermeplzkthx
QA Contact: mozilla.update → developers

    
    

    
  
Fred, what's this like in Remora?
Target Milestone: 2.0 → ---

    
    

    
  
No passwords are sent out via email in Remora. Even the password change request just sends out a URL with a possibility to change the PW. It won't send another email once you changed it.

Marking this fixed.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: