[dev] Re: commit: horde/config hooks.php.dist passwd main.php passwd/lib/Driver sql.php

Mike Cochrane mike@graftonhall.co.nz
Thu Oct 17 02:41:23 PDT 2002


> ----- Message from amith@xalan.com ---------
> 
> > Just so you have an idea where I'm going with password.. I'm making it a more
> > generic password change application, so you can change passwords that aren't
> > currently being used to log in to horde.
> 
> Not to make your life harder, but do you think this should be configurable
> perhaps?  By keeping it the way it is you prevent malicious users from causing
> problems.  Just a thought.
> 
> Amith
> 

If you set 'allow_guests' to false in your registry then a user must be logged
in. If you only have one backend configured or don't show the backend list and
use the preferred mechanism... they can't do any more than you wanted really.

If you're that worried about a user changing another user's password (which
would still require that user's password) then use a hook and create their
username from Auth::getAuth().

It's no less secure than it was before :-)

- Mike :-)

