[sakai2-tcc] Change reset password to have it send links rather than reset

Steve Swinsburg steve.swinsburg at gmail.com
Thu Apr 5 00:05:44 PDT 2012


It's on the gateway already.
http://nightly2.sakaiproject.org:8082/portal

cheers,
Steve


On 05/04/2012, at 4:46 PM, David Horwitz wrote:

> +1 though as a note it does mean placing reset pass on the gateway so 
> that it is enabled by default ...
> 
> 
> D
> 
> On 04/05/2012 04:39 AM, Aaron Zeckoski wrote:
>> I would tend to agree and I think this is a change we should make in
>> 2.9 and document in the release notes.
>> 
>> -AZ
>> 
>> 
>> On Wed, Apr 4, 2012 at 10:37 PM, Steve Swinsburg
>> <steve.swinsburg at gmail.com>  wrote:
>>> Hi,
>>> 
>>> This has just come up on list and I think it is worthy of discussion. The Reset Password tool is installed by default in trunk, and its current behaviour is to reset a user's password and email it to them. This is problematic since all you need is a user's email address and you can continually reset their password and essentially DoS them.
>>> 
>>> I think we should change it so it sends the link and then they need to follow it to reset it. Then no one can reset a password without the owner's intervention.
>>> 
>>> It's a property change:
>>> 
>>> # If set to false then password reset users get sent a new email, otherwise they get a link to allow
>>> # them to reset their password. This prevents people from changing password they don't own.
>>> siteManage.validateNewUsers=true
>>> 
>>> cheers,
>>> Steve
>>> 
>>> _______________________________________________
>>> sakai2-tcc mailing list
>>> sakai2-tcc at collab.sakaiproject.org
>>> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>> 
>> 
> 

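The two behaviours compared in this thread, as an added sketch that is not Sakai's code and not part of any message above: `legacy_reset` changes the password for anyone who supplies the address, while `request_reset` only mails a single-use, expiring link and leaves the password untouched until the owner redeems it. The class, method names, token lifetime and `lms.example` URL are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 3600  # assumed link lifetime in seconds


class ResetService:
    def __init__(self, now=time.time):
        self.passwords = {}  # email -> credential (stand-in for a salted hash store)
        self.pending = {}    # sha256(token) -> (email, expires_at); raw token never stored
        self.outbox = []     # (email, body) pairs, stand-in for the mailer
        self.now = now

    def legacy_reset(self, email):
        # Reset-and-email: knowing the address is enough to change the password.
        if email in self.passwords:
            self.passwords[email] = secrets.token_urlsafe(9)
            self.outbox.append((email, "new password: " + self.passwords[email]))

    def request_reset(self, email):
        # Link flow: the request alone changes nothing on the account.
        if email not in self.passwords:
            return  # unknown address: no mail, same outward behaviour
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[digest] = (email, self.now() + TOKEN_TTL)
        self.outbox.append((email, "https://lms.example/reset?token=" + token))

    def complete_reset(self, token, new_password):
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # pop makes the link single-use
        if entry is None or entry[1] < self.now():
            return False
        email = entry[0]
        self.passwords[email] = new_password
        # Invalidate any other outstanding links for the same account.
        self.pending = {d: e for d, e in self.pending.items() if e[0] != email}
        return True


if __name__ == "__main__":
    svc = ResetService()
    svc.passwords["alice@example.edu"] = "original"  # constructed sample account
    svc.request_reset("alice@example.edu")
    print("after request:", svc.passwords["alice@example.edu"])
    token = svc.outbox[-1][1].split("token=")[1]
    print("link redeemed:", svc.complete_reset(token, "chosen-by-owner"))
    print("link reused:", svc.complete_reset(token, "again"))
```

Repeated requests under the link flow still generate mail to the owner, so throttling `request_reset` per address remains worthwhile.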

