[dev] Re: [cvs] commit: passwd/config .cvsignore
backends.php.dist conf.xml passwd/lib Driver.php Passwd.php base.php
passwd/lib/Driver ldap.php sql.php passwd/templates/main main.inc passwd
main.php
Jan Schneider
jan@horde.org
Sun Oct 13 01:08:29 PDT 2002
Zitat von Eric Rostetter <eric.rostetter@physics.utexas.edu>:
> My objection is to making "guest => true" the default in the registry.php
> file. I think this makes the module much more of a security concern.
>
> I don't object to the functionality, but I think we should have guest
> access
> off by default, and make the system admin/installer set it to true if
> they
> want to accept responsibility for the security concerns doing so raises.
> Anyone disagree with me?
No, that makes sense. Even if users will be able to change passwords that
have nothing to do with the system's Horde authentication it still makes
sense to only allow changing of passwords for authenticated users.
Jan.
--
http://www.horde.org - The Horde Project
http://www.ammma.de - discover your knowledge
http://www.tip4all.de - Deine private Tippgemeinschaft
More information about the dev
mailing list