Forums

Home » Liferay Portal » English » 3. Development

Combination View Flat View Tree View
Threads [ Previous | Next ]
Rajeev K
Forgot password: NoSuchUserException
October 25, 2013 4:33 AM
Answer

Rajeev K

Rank: Regular Member

Posts: 162

Join Date: June 18, 2009

Recent Posts

Hi All,

Using 6.1.1 CE

In Forgot Password screen, when a user types in a email address which does not exists in the database, he sees a message
The email address you requested is not registered in our database.

This gives a hacker the information of the valid user accounts on the system.

Therefore is it possible to show a success message similar to what we see when a valid EmailAddress user submits for a password request instead of a error message?
This will not allow any hacker to know which users are present in the system.

Thanks
Antoine Comble
RE: Forgot password: NoSuchUserException
October 25, 2013 5:40 AM
Answer

Antoine Comble

Rank: Regular Member

Posts: 207

Join Date: September 7, 2012

Recent Posts

Hi,

You can override html template to change error : liferay-portal-6.1.20-ee-ga2/tomcat-7.0.27/webapps/ROOT/html/portlet/login/forgotPassword.jsp.

You can override com.liferay.portlet.login.action.ForgotPasswordAction action to change error when user try to create account with email address already used.

Hope ths help you,

Regards

Antoine
venka reddy
RE: Forgot password: NoSuchUserException
October 25, 2013 11:39 AM
Answer

venka reddy

Rank: Regular Member

Posts: 231

Join Date: March 23, 2011

Recent Posts

Hi Rajeev,

Have a look into this jsp " /portal-web/docroot/html/portlet/login/forgot_password.jsp" look into at the line no:45 ,

I think this line is giving such type of message. Use hook to override this message.

let me know anything further!!
Rajeev K
RE: Forgot password: NoSuchUserException
October 25, 2013 11:40 PM
Answer

Rajeev K

Rank: Regular Member

Posts: 162

Join Date: June 18, 2009

Recent Posts

Thanks Venka & Antoine.