- Type: Suggestion
- Resolution: Unresolved
- Component/s: Core - Email
Problem Definition
When Confluence is configured with a mail server, Confluence users can request a password reset email from the login page by clicking the "Forgot your password?" link and entering a valid username or email address.
However, there is no spam control on this action: the user can click the "Send it to me" button repeatedly, without any cooldown or verification, which can place a burden on Confluence or on the mail server.
Suggested Solution
Implement spam control, such as a CAPTCHA, once repeated attempts to request a password reset email are detected.
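As an added illustration of the suggested control (example code written for this ticket, not Confluence's own code), the limiter below combines the two mechanisms the ticket asks for: a per-account cooldown so that one click sends at most one email per period, and a per-client attempt counter that escalates to a CAPTCHA requirement once the threshold is exceeded. The durations, thresholds, identifiers and addresses are constructed assumptions, not values from Confluence.

```python
"""
Added example (not Confluence code): cooldown plus CAPTCHA escalation for
password-reset email requests.

Two controls are applied on every "Send it to me" click:
  1. Cooldown per target identifier: once a reset mail has been sent for an
     account, further requests within COOLDOWN seconds are absorbed (the page
     still shows its usual "check your inbox" message, but no mail is sent).
  2. Escalation per client address: more than MAX_ATTEMPTS requests from one
     address inside WINDOW seconds means the page must require a solved
     CAPTCHA before it accepts another request.

All numbers, identifiers and addresses below are constructed sample values.
"""
from collections import deque
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Deque, Dict
import time


class Decision(Enum):
    SEND = "send"                            # send the reset email
    SUPPRESS = "suppress"                    # reply normally, send no mail (cooldown)
    CAPTCHA_REQUIRED = "captcha_required"    # challenge before accepting more requests


@dataclass
class ResetRateLimiter:
    cooldown_s: float = 300.0        # assumption: one mail per account per 5 minutes
    window_s: float = 600.0          # assumption: sliding window for per-client counting
    max_attempts: int = 3            # assumption: requests per client per window before CAPTCHA
    clock: Callable[[], float] = time.monotonic
    _last_sent: Dict[str, float] = field(default_factory=dict)
    _client_hits: Dict[str, Deque[float]] = field(default_factory=dict)

    def request(self, identifier: str, client_ip: str, captcha_ok: bool = False) -> Decision:
        now = self.clock()
        key = identifier.strip().lower()   # "Alice@Example.test" and "alice@example.test" are one account

        # Drop hits that have fallen out of the sliding window for this client.
        hits = self._client_hits.setdefault(client_ip, deque())
        while hits and now - hits[0] > self.window_s:
            hits.popleft()

        # Too many requests from this client: demand a CAPTCHA and count nothing.
        if len(hits) >= self.max_attempts and not captcha_ok:
            return Decision.CAPTCHA_REQUIRED
        hits.append(now)

        # Per-account cooldown: absorb repeat clicks without sending another mail.
        last = self._last_sent.get(key)
        if last is not None and now - last < self.cooldown_s:
            return Decision.SUPPRESS
        self._last_sent[key] = now
        return Decision.SEND


class FakeClock:
    """Deterministic clock so the walk-through below does not depend on wall time."""

    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def simulate() -> list:
    """Replay a constructed click sequence and return the limiter's decisions."""
    clock = FakeClock()
    limiter = ResetRateLimiter(clock=clock)
    out = []
    ip = "198.51.100.7"                                   # constructed client address
    out.append(limiter.request("alice@example.test", ip))           # first click: mail goes out
    clock.advance(5)
    out.append(limiter.request("alice@example.test", ip))           # repeat click: absorbed
    clock.advance(5)
    out.append(limiter.request("Alice@Example.test", ip))           # same account, different case: absorbed
    clock.advance(5)
    out.append(limiter.request("bob", ip))                          # 4th request from client: CAPTCHA
    out.append(limiter.request("bob", ip, captcha_ok=True))         # solved CAPTCHA: accepted
    clock.advance(601)
    out.append(limiter.request("alice@example.test", ip))           # cooldown and window expired: mail again
    return [d.value for d in out]


if __name__ == "__main__":
    for step, decision in enumerate(simulate(), 1):
        print(f"request {step}: {decision}")
```

The page should render the same "an email has been sent" message for both `SEND` and `SUPPRESS`, so that the cooldown does not reveal whether an identifier exists; only the `CAPTCHA_REQUIRED` outcome changes what the user sees.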