i am wondering what is the simplest way to trigger a site-wide password reset, in the event that the site security is compromised (hacking)?
once any security issues are resolved, there needs to ideally be a way of triggering all members to reset their password at least..
has anyone coded a process for this?
thanks
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
- Matt Beckett@Beck24
Matt Beckett - 0 likes
- ura soul@tunist
ura soul - 0 likes
You must log in to post replies.not that I'm aware of, but you could do a simple batch process to generate new random passwords and email them out. Or if you don't want to email them, basically invalidate all passwords and post a notice on the login form letting people know they should use the forgot password function.
i think the 2nd option is most efficient and simple.. i have no need to do this presently.. i was motivated to ask as i received a mail from another website who were doing this and wondered what i would do in that situation.