Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
F
F
Fengol2018-11-08 14:01:53
Information Security
Fengol, 2018-11-08 14:01:53

Do I need to encrypt the password reset token using email?

Do I need to encrypt the password reset token that is sent with the email to the user?
If yes, then why?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
S
Sergey, 2018-11-08
@feanor7

Build a model of the intruder. Without details about your system, I'll say no. If the employee's mailbox can be accessed from the open internet, then maybe.

Report
V
Vladislav Klimanov, 2018-11-08
@ahmpro

There is no need for this, it is enough to make the token one-time, long enough and with a short lifetime.

Similar questions
Z
zilhome2015-03-20 19:25:02
Is it possible to hide a file on ftp for certain users? 4Reply
A
Alexander2019-08-25 23:53:11
Is it safe to use a secret subdomain for the dev version of a project? 1Reply
M
MichaelMichael2015-03-25 11:37:03
How to enable or disable data transfer depending on the Internet connection method used on Android? 1Reply
V
Vasylj2015-03-26 13:47:03
How to programmatically call in Android without the user noticing? 2Reply
X
xxx2017-03-30 00:31:19
What do you need to get a job as a pentester? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question