Comments (3)
@Zequez If you need help with porting to Python I'd be happy to contribute!
from factoriomods.
The project is in the process of being ported to Python, and the authentication will be handled by the official API, so this will probably not be an issue in the future.
Most password recovery workflows work in that way: you get an email with a link, you click it, and then you enter the new password. You expect users to copy and paste a code somewhere to recover it? Seems quite counterproductive.
I agree with the account enumeration issue though, but it's not really such a big threat, and it's going to be deprecated anyway.
from factoriomods.
Didn't realise that it was getting re-written, thought it was a little strange that there hadn't been any commits in the past few months but that makes sense now.
Regarding password recovery, there are the two methods which are very similar in end result but have a subtle but, in my opinion, important difference.
Consider the verification code workflow:
- The user enters their email address in the account recovery form.
- Regardless of whether or not the email address exists, the user is taken to a page saying that an email has been sent and to enter the verification code from the email into a field on the page. (There's usually also a resend button on this page.)
- The user receives an email with a code (Usually 6 characters or so) which they enter in the page which they still have open.
- The user enters their new password and confirms it.
I work on the single sign-on platform for Sage and this is the flow that we use for account recovery in that system. You'll also notice that it is similar to how Steam Guard works and a number of multi-factor systems. The main advantages are:
- The user isn't trained to blindly click links in emails and enter their password.
- The recovery initiation (Where you enter your email) and verification (Where you enter the verification code) can be tied to the same browser session which you can't do with the recovery link workflow.
It's a subtle difference and I doubt a penetration tester would pull up anyone for using the recovery link method, but please do consider the alternative.
I'd be happy to review the new site once it's done as I can follow Python much better.
I was planning on making a server browser but it sounds like the official stuff is well on its way so that might be a waste of time for me to do?
from factoriomods.
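The verification-code workflow listed in the comment above, as an added sketch in Python (not code from this thread or from the factoriomods project). The class name, the in-memory stores, the 10-minute lifetime, the five-attempt limit and the PBKDF2 placeholder for the site's password hasher are all assumptions.

```python
import hashlib, hmac, secrets, time

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no look-alike characters
CODE_TTL = 600      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 5    # wrong guesses allowed per code (assumed value)
NOTICE = "If that address has an account, a code has been sent."

class Recovery:
    def __init__(self, known_emails, clock=time.time):
        self.known = set(known_emails)
        self.clock = clock
        self.pending = {}    # session id -> [email, code digest, expiry, attempts]
        self.outbox = []     # stands in for the mail sender: (email, code)
        self.passwords = {}  # email -> (salt, derived key)

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def start(self, session_id, email):
        """Steps 1-2: identical response whether or not the address exists."""
        self.pending.pop(session_id, None)   # a resend replaces the old code
        if email in self.known:
            code = "".join(secrets.choice(ALPHABET) for _ in range(6))
            self.pending[session_id] = [email, self._digest(code),
                                        self.clock() + CODE_TTL, 0]
            self.outbox.append((email, code))
        return NOTICE

    def finish(self, session_id, code, new_password):
        """Steps 3-4: the code only works in the session that requested it."""
        entry = self.pending.get(session_id)
        if entry is None:
            return False
        email, digest, expiry, attempts = entry
        if self.clock() > expiry or attempts >= MAX_ATTEMPTS:
            del self.pending[session_id]     # expired or locked out
            return False
        if not hmac.compare_digest(digest, self._digest(code.strip().upper())):
            entry[3] += 1                    # count the wrong guess
            return False
        del self.pending[session_id]         # single use
        salt = secrets.token_bytes(16)       # placeholder password hashing
        key = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 100_000)
        self.passwords[email] = (salt, key)
        return True
```

Because the pending code is keyed by the browser session rather than by the email address, a code read from someone's inbox is useless in any other session, which is the binding the recovery-link workflow cannot provide.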