Confirmed users
491
edits
WebAppSec/Secure Coding Guidelines: Difference between revisions
WebAppSec/Secure Coding Guidelines (view source)
Revision as of 21:36, 1 October 2011
, 1 October 2011→Email Change and Verification Functions
| Line 70: | Line 70: | ||
Email verification links should not provide the user with an authenticated session. | Email verification links should not provide the user with an authenticated session. | ||
Email verification codes must expire after 8 hours. | Email verification codes must expire after the first use or expire after 8 hours if not used. | ||
===Password Storage=== | ===Password Storage=== | ||