[imp] Passwd Module: Security vulnerability ???

AJ aj at mindcrash.com
Tue Jul 15 19:01:20 PDT 2003


Ashwin,
    From conf.xml in the HEAD branch
<configsection name="user">
    <configboolean name="change" desc="Should we allow the user to specify 
the username?">
This is for the parameter  $conf['user']['change'] = false;
It should not display the username field if this is set to false.
It does not for me.   Have you tried the latest CVS?

AJ



At 06:21 PM 7/15/2003 -0700, Ashwin Kotian wrote:
>Hi AJ,
>
>What does this parameter do ? And I anyway did try as you suggested, but I'm
>still able to see the username displayed & change it to another username &
>also change the password (since I know the other username's original
>password).
>Is there a way to totally disable the Username display so that even if I
>know the original password I (as a normal user)cannot change the password
>using this module while logged in from another regular account ?
>
>Thanks,
>
>Ashwin.
>
>
>----- Original Message -----
>From: "AJ" <aj at mindcrash.com>
>To: <imp at lists.horde.org>
>Sent: Tuesday, July 15, 2003 5:59 PM
>Subject: Re: [imp] Passwd Module: Security vulnerability ???
>
>
> > Sorry, this should be placed in passwd/config/conf.php
> >
> >
> > At 08:58 PM 7/15/2003 -0400, AJ wrote:
> > >Place this in config/conf.php
> > >$conf['user']['change'] = false;
> >
> >
> > --
> > IMP mailing list
> > Frequently Asked Questions: http://horde.org/faq/
> > To unsubscribe, mail: imp-unsubscribe at lists.horde.org
> >



More information about the imp mailing list