4 Feb
2009
4 Feb
'09
2:07 a.m.
Ok, thanks for these interesting replies.
If the password of the temporary security-object you mention (in the password reset ticket database) is the URL sent by drupal, then it's probably as secure as the original drupal authentication scheme.
Many thanks !