You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@turbine.apache.org by Quinton McCombs <qm...@nequalsone.com> on 2003/01/03 21:35:41 UTC
Discussion on TTWS30 - Session unbind causes TURBINE_USER to be updated
I ran across this because of a simple problem. My application allows
admin users to update information about the user. It also allows a user
to do simple things like change their password.
I noticed that although the the new password was written to the
database, the changes were overwritten when the user logged out. It
turns out that this is not a newly discovered problems either. There is
already a proposal
(http://jakarta.apache.org/turbine/turbine-2/proposals/security-service.
html) that discusses a solution this very problem.
Does anyone see a problem with this? The only issue that I could find
was persistent pull tools. They would need to be saved as well. Does
anyone even use them??
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Discussion on TTWS30 - Session unbind causes TURBINE_USER to be updated
Posted by "Henning P. Schmiedehausen" <hp...@intermeta.de>.
"Quinton McCombs" <qm...@nequalsone.com> writes:
>I ran across this because of a simple problem. My application allows
>admin users to update information about the user. It also allows a user
>to do simple things like change their password.
>I noticed that although the the new password was written to the
>database, the changes were overwritten when the user logged out. It
>turns out that this is not a newly discovered problems either. There is
>already a proposal
You must change your current user object! This is a well discussed
problem.
We use
TurbineSecurity.forcePassword(user, pw1);
TurbineSecurity.saveUser(user);
in a nutshell. Yes, it sucks. But it is all we have ATM.
Regards
Henning
--
Dipl.-Inf. (Univ.) Henning P. Schmiedehausen -- Geschaeftsfuehrer
INTERMETA - Gesellschaft fuer Mehrwertdienste mbH hps@intermeta.de
Am Schwabachgrund 22 Fon.: 09131 / 50654-0 info@intermeta.de
D-91054 Buckenhof Fax.: 09131 / 50654-20
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>