Verbesserte Sicherheit durch Verringerung der Zeitbegrenzung der Tokenlebenszeit

2021-10-07 12:01:06 +02:00
parent 35e4e3cd44
commit f053a730f0
3 changed files with 6 additions and 4 deletions
--- a/css/login/ForgotPW.css
+++ b/css/login/ForgotPW.css
@@ -41,17 +41,14 @@
    font-size: 2.55em;
    color: #fff;
 }
-
 .txt_design {
    color: #003680;
    font-size: 1.65em;
 }
-
 #CustomerID {
    color: #003680;
    font-size: 1.320901320901321em;
 }
-
 #lbl_Hinweis {
    font-size: 1.188em;
    color: dimgrey;
--- a/login/ForgotPW.aspx
+++ b/login/ForgotPW.aspx
@@ -110,6 +110,10 @@
                     <td align="left" colspan="2"> 
                    <asp:TextBox ID="txt_Username" runat="server" Width = "250" />
                        </td></tr>
+                <tr style="color:#003680; height:30px;">
+                     <td align="left" colspan="2">  
+                          <asp:RegularExpressionValidator ID="val_usrnametxt" ControlToValidate="txt_Username" runat="server" ValidationExpression="[A-Z1-9].{4,12}" Display="Dynamic"></asp:RegularExpressionValidator>
+                         </td></tr>
                <tr style="color:#003680; height:30px;">
                <td align="right" colspan="2">                    
                <asp:Label ID="lblMessage" runat="server" />
--- a/login/ForgotPW.aspx.vb
+++ b/login/ForgotPW.aspx.vb
@@ -168,9 +168,10 @@ Partial Class login_ForgotPW
    Function getDateoftoken(tokenname As String) As Boolean
        Dim data() As Byte = Convert.FromBase64String(tokenname)
        Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
-        If wenn < DateTime.UtcNow.AddHours(-24) Then
+        If wenn < DateTime.UtcNow.AddMinutes(-30) Then
            Return False
            MsgBox("Token nicht gefunden oder zu alt!" + Environment.NewLine + "Bitte erneut Mail senden!")
+            tokenname = ""
        Else
            Return True
        End If