[sork] passwd-2.2 lock username?
Iain Pople
iain at webcentre.unimelb.edu.au
Wed Jun 4 22:24:28 PDT 2003
Hi,
Eric Rostetter wrote:
> Originally it was a hidden field, and people complained that they
> wanted to be able to change it. So it was made so it could be changed,
> and people complain they didn't want it that way. So now it is a
> configuration option in the CVS HEAD (development) code, but it hasn't
> made it into the release version yet.
The problem with a hidden field is that from a security point of view,
someone could still try and change the password for a different user.
Would it be possible to include a check that ensures that the username
they are trying to change matches up with the username they are logged
in as?
cheers, Iain.
More information about the sork
mailing list