[dev] Re: [cvs] commit: horde/services resetpassword.php

Jan Schneider jan at horde.org
Mon May 24 16:18:59 PDT 2004


Quoting Marko Djukic <mdjukic at horde.org>:

> mdjukic     2004/05/24 16:01:01 PDT
>
>   Added files:
>     services             resetpassword.php
>   Log:
>   "Forgot password" utility to reset a user's password.
>   Allows setting of an alternate email and a security 
> question/response to the prefs backend.
>
>   Some thoughts:
>   - This is currently done in the Auth files, should it be better 
> done in the passwd module? Although would be nice to avoid the passwd 
> module requirement just to reset the password.

I think the Auth API is the correct place for this. I think we should even
merge the whole passwd application to Auth one day.

>   - The check for driver capability to do a reset is 
> hasCapability('update'), should it be a new capability 
> 'resetpassword' or similar?

I don't think this is necessary, unless someone knows of a potential
authentication backend that allows resetting passwords but not changing
user data.

>   - When asking for a password reset, the security question is left 
> to the user to select. Means that the user will have remembered which 
> one was selected in the first place. The alternative is pulling out 
> of the backend the right question for the inserted user, but would 
> mean that probing for users would be quite easy?

No, that's the common way to handle those questions. And be assured, someone
being desperate because he just forgot his password probably won't
remember his secret question while having this super-hurry email to be
sent. :-)

>   - More choice for challenge questions?

Perhaps allow the user to set this question himself?

Jan.

--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting.php
