Most websites or network systems allow users to recover lost passwords by providing email addresses or answering a prompt.
In terms of security, delegates can only view your inbox and respond to messages on your behalf; they can't access gChat, change your password, or fiddle with other account settings.
A malicious attacker can still sniff the wire (note that the password digest is not encrypted by default) and replay the entire UsernameToken, so nonce and timestamp checking are imperative.