[dev] Re: [cvs] commit: horde/services resetpassword.php

Marko Djukic mdjukic at horde.org
Mon May 24 17:47:12 PDT 2004


Quoting Jan Schneider <jan at horde.org>:

> >   - The check for driver capability to do a reset is
> > hasCapability('update'), should it be a new capability
> > 'resetpassword' or similar?
>
> I don't think this is necessary, unless someone knows of a potential
> authentication backend that allows resetting passwords but not changing
> user data.

Well, my thought was actually for a backend that allows updates but not password
resets, e.g. passwd on Unix, where you need the old password to reset.

> >   - When asking for a password reset, the security question is left
> > to the user to select. Means that the user will have remembered which
> > one was selected in the first place. The alternative is pulling out
> > of the backend the right question for the inserted user, but would
> > mean that probing for users would be quite easy?
>
> No, that's the common way to handle those questions. And be assured, someone
> being desperate because he just forgot his password probably won't
> remember his secret question while having this super-hurry email to be
> sent. :-)
>
> >   - More choice for challenge questions?
>
> Perhaps allow the user to set this question himself?

OK, then I'll do away with preset questions and just go for a free-form
question.



--
Marko Djukic
Horde Project (http://horde.org)
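
The probing concern discussed in the thread, as an added example that is not part of the original message or of Horde's code: a lookup that returns the stored question tells any caller whether an account exists, while a reset request where the user supplies the question and gets one fixed reply does not. The function names, the in-memory store and the reply text are hypothetical.

```php
<?php
// Constructed sample store; names are hypothetical, not Horde's Auth API.
$users = [
    'alice' => [
        'question'    => 'name of first pet',
        'answer_hash' => password_hash('rex', PASSWORD_DEFAULT),
    ],
];
// Hash verified for unknown users so both paths do comparable work.
$dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

function normalise(string $s): string
{
    return strtolower(trim($s));
}

// Backend-lookup variant: the reply differs per username, so a caller
// can test whether an account exists just by asking for its question.
function lookupQuestion(array $users, string $user): ?string
{
    return $users[$user]['question'] ?? null;
}

// User-supplied variant: question and answer both come from the caller,
// and the caller always gets the same message back.
function requestReset(array $users, string $dummyHash, string $user,
                      string $question, string $answer, array &$outbox): string
{
    $rec = $users[$user] ?? null;
    $questionOk = $rec !== null
        && hash_equals(normalise($rec['question']), normalise($question));
    // Always run exactly one password_verify, on the dummy hash if needed.
    $answerOk = password_verify(normalise($answer),
                                $rec['answer_hash'] ?? $dummyHash);
    if ($questionOk && $answerOk) {
        $outbox[] = $user; // stand-in for queuing the reset e-mail
    }
    return 'If the details matched, a reset e-mail has been sent.';
}

$outbox = [];
// The lookup distinguishes an existing account from a missing one.
var_dump(lookupQuestion($users, 'alice'), lookupQuestion($users, 'mallory'));
// The reset replies are compared for equality; $outbox shows who was queued.
$a = requestReset($users, $dummyHash, 'alice', 'Name of first pet', 'Rex', $outbox);
$b = requestReset($users, $dummyHash, 'mallory', 'anything', 'x', $outbox);
var_dump($a === $b, $outbox);
```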

