[imp] Passwd Module: Security vulnerability ???
AJ
aj at mindcrash.com
Tue Jul 15 19:01:20 PDT 2003
Ashwin,
From conf.xml in the HEAD branch
<configsection name="user">
<configboolean name="change" desc="Should we allow the user to specify
the username?">
This is for the parameter $conf['user']['change'] = false;
It should not display the username field if this is set to false.
It does not for me. Have you tried the latest CVS?
AJ
At 06:21 PM 7/15/2003 -0700, Ashwin Kotian wrote:
>Hi AJ,
>
>What does this parameter do ? And I anyway did try as you suggested, but I'm
>still able to see the username displayed & change it to another username &
>also change the password (since I know the other username's original
>password).
>Is there a way to totally disable the Username display so that even if I
>know the original password I (as a normal user)cannot change the password
>using this module while logged in from another regular account ?
>
>Thanks,
>
>Ashwin.
>
>
>----- Original Message -----
>From: "AJ" <aj at mindcrash.com>
>To: <imp at lists.horde.org>
>Sent: Tuesday, July 15, 2003 5:59 PM
>Subject: Re: [imp] Passwd Module: Security vulnerability ???
>
>
> > Sorry, this should be placed in passwd/config/conf.php
> >
> >
> > At 08:58 PM 7/15/2003 -0400, AJ wrote:
> > >Place this in config/conf.php
> > >$conf['user']['change'] = false;
> >
> >
> > --
> > IMP mailing list
> > Frequently Asked Questions: http://horde.org/faq/
> > To unsubscribe, mail: imp-unsubscribe at lists.horde.org
> >
More information about the imp
mailing list