[sakai2-tcc] Change reset password to have it send links rather than reset
John Bush
john.bush at rsmart.com
Wed Apr 4 19:39:12 PDT 2012
Makes good sense to me
Not sent with my iphone.
On Apr 4, 2012 7:37 PM, "Steve Swinsburg" <steve.swinsburg at gmail.com> wrote:
> Hi,
>
> This has just come up on list and I think it is worthy of discussion. The
> Reset Password tool is installed by default in trunk, and its current
> behaviour is to reset a user's password and email it to them. This is
> problematic since all you need is a user's email address and you can
> continually reset their password and essentially DoS them.
>
> I think we should change it so it sends the link and then they need to
> follow it to reset it. Then no one can reset a password without the owner's
> intervention.
>
> It's a property change:
>
> # If set to false then password reset users get sent a new email,
> otherwise they get a link to allow
> # them to reset their password. This prevents people from changing
> password they don't own.
> siteManage.validateNewUsers=true
>
> cheers,
> Steve
>
> _______________________________________________
> sakai2-tcc mailing list
> sakai2-tcc at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai2-tcc/attachments/20120404/8de72ff8/attachment.html
More information about the sakai2-tcc
mailing list