[dev] Re: [cvs] commit: horde/services resetpassword.php
Marko Djukic
mdjukic at horde.org
Mon May 24 17:47:12 PDT 2004
Quoting Jan Schneider <jan at horde.org>:
> > - The check for driver capability to do a reset is
> > hasCapability('update'), should it be a new capability
> > 'resetpassword' or similar?
>
> I don't think this is necessary, unless someone knows of a potential
> authentication backend that allows to reset passwords but not to change
> user data.
Well my thought was actually for a backend that allows updates but not passwords
resets, eg. passwd on unix, you need the old password to reset.
> > - When asking for a password reset, the security question is left
> > to the user to select. Means that the user will have remembered which
> > one was selected in the first place. The alternative is pulling out
> > of the backend the right question for the inserted user, but would
> > mean that probing for users would be quite easy?
>
> No, that's the common way to handle those question. And be assured, someone
> being desperate because he just forgot his password will probably don't
> remember his secrect question while having this super-hurry email to be
> sent. :-)
>
> > - More choice for challenge questions?
>
> Perhaps allow the user to set this question himself?
ok, then i'll do away with preset questions and just go for a free-form
question.
--
Marko Djukic
Horde Project (http://horde.org)
More information about the dev
mailing list