Security notes
Authentication & password management
SETLS uses a form-based authentication scheme. The password is sent as a POST parameter over the secure HTTPS connection.
Passwords are stored hashed in the database, and cannot be retrieved by the SETLS team. Passwords can be reset by any user with administrative permissions:
- by sending a password reset email to the member, or
- by manually entering a new password.
Summary:
- Forms authentication
  ○ Password as a POST parameter over TLS channel
- Passwords are stored hashed
- Password resets by email with a one-time token
  ○ From: Darebin Toy Library <noreply@darebintoylibrary.setls.com.au>
  ○ Reply-To: xxx@xxx.com
    § configurable
- Emails are sent via AWS Simple Notification Services (SNS)
  ○ Bounce/complaint handling as per AWS guidelines
  ○ No customer mail relay required
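The two mechanisms above (hashed password storage and a one-time reset token sent by email) are illustrated below. This is an added example written for these notes, not SETLS code; the salt length, PBKDF2 iteration count, one-hour token lifetime and the in-memory store are assumptions chosen for the illustration.

```python
# Added illustration (not SETLS code): salted password hashing plus a
# single-use, expiring reset token, using only the Python standard library.
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERS = 600_000  # assumed work factor; tune to the server's CPU budget


def hash_password(password: str, salt: bytes = None) -> str:
    """Return 'salt$digest' (hex). Only this string is stored, never the password."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERS)
    return hmac.compare_digest(candidate.hex(), digest_hex)


class ResetTokens:
    """Issue and redeem one-time reset tokens.

    The raw token goes into the email link; the store keeps only its SHA-256,
    so a leaked database table does not let anyone redeem a pending reset.
    """
    TTL = 3600  # assumed lifetime in seconds

    def __init__(self, now=time.time):
        self._now = now          # injectable clock, so expiry can be tested
        self._pending = {}       # token hash -> (user, expiry)

    def issue(self, user: str) -> str:
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).hexdigest()
        self._pending[key] = (user, self._now() + self.TTL)
        return token

    def redeem(self, token: str):
        """Return the user for a valid token and invalidate it; None otherwise."""
        key = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(key, None)   # pop: the token is spent either way
        if entry is None:
            return None
        user, expiry = entry
        return user if self._now() <= expiry else None
```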