The slashdot software does something similar to this.
Here's something to think about...
The point of these steps is to prevent a certain kind of
denial-of-service attack.
Thanks for the idea. I just checked in the new code for
encrypted passwords, but I'll save your message and consider
adding that as well. As I was writing the code, that particular
DOS even occurred to me, but I didn't think it was likely
enough to justify the extra code and a solution didn't leap
immediately to mind--I'm glad to know there is one.
...this email should identify the ip number of the
person
clicking on 'send a new password'.
Another thing to consider. Thanks.
0