[sork] passwd-2.2 lock username?

Iain Pople iain at webcentre.unimelb.edu.au
Wed Jun 4 22:24:28 PDT 2003


Hi,

Eric Rostetter wrote:
> Originally it was a hidden field, and people complained that they
> wanted to be able to change it.  So it was made so it could be changed,
> and people complain they didn't want it that way.  So now it is a 
> configuration option in the CVS HEAD (development) code, but it hasn't
> made it into the release version yet.

The problem with a hidden field is that from a security point of view, 
someone could still try and change the password for a different user. 
Would it be possible to include a check that ensures that the username 
they are trying to change matches up with the username they are logged 
in as?

cheers, Iain.






More information about the sork mailing list