Posted to issues@maven.apache.org by "Jesse McConnell (JIRA)" <ji...@codehaus.org> on 2006/11/02 20:02:54 UTC

[jira] Closed: (CONTINUUM-839) Editing a user changes the password to what's submitted, which by default is "" (empty string).

     [ http://jira.codehaus.org/browse/CONTINUUM-839?page=all ]

Jesse McConnell closed CONTINUUM-839.
-------------------------------------

      Assignee: Jesse McConnell
    Resolution: Fixed

I think this issue cropped up in the time between the hackish user management that I put onto trunk, so we had something half-way like the original security, and the integration of the plexus-security war layover.

So these should all be addressed by the p-sec layover.

> Editing a user changes the password to what's submitted, which by default is "" (empty string).
> -----------------------------------------------------------------------------------------------
>
>                 Key: CONTINUUM-839
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-839
>             Project: Continuum
>          Issue Type: Bug
>          Components: Web interface
>    Affects Versions: 1.1
>            Reporter: Christian Gruber
>         Assigned To: Jesse McConnell
>             Fix For: 1.1
>
>
> On the edit user screen, if you don't elect to change the password, you will implicitly change it to what's in the password field by default.  The current default state of the page is for the password fields to be empty.  
> solutions:
> 1. Empty passwords should be ignored (if we assume people MUST have passwords) and assumed to mean "no change"
> 2. The current password needs to be pushed out (not very secure) in the form
> 3. The form needs to be split on the page into two separate forms for general info editing and for password changes.  This will then not submit the password fields when you're, say, just changing the username or e-mail address.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
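
The reported behaviour next to solutions 1 and 3 from the issue, as an added Python example that is not Continuum or plexus-security code. The user dict, the form field names and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SALT_LEN = 16

def hash_password(password, salt=b""):
    """Return salt + PBKDF2-HMAC-SHA256 digest; a fresh salt is drawn if none is given."""
    salt = salt or os.urandom(SALT_LEN)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_password(stored, candidate):
    """Constant-time check of a candidate password against a stored salt+digest."""
    return hmac.compare_digest(stored, hash_password(candidate, stored[:SALT_LEN]))

def edit_user_buggy(user, form):
    """Reported behaviour: every form field is applied, so the blank password
    field on the edit screen silently replaces the stored credential."""
    user["email"] = form.get("email", user["email"])
    user["password_hash"] = hash_password(form.get("password", ""))

def edit_user(user, form):
    """Solution 1: a blank password field means "no change"."""
    user["email"] = form.get("email", user["email"])
    if form.get("password"):
        user["password_hash"] = hash_password(form["password"])

def edit_profile(user, form):
    """Solution 3, general-info form: password fields are never read here."""
    user["email"] = form.get("email", user["email"])

def change_password(user, form):
    """Solution 3, password form: reject blank or mismatched input; report success."""
    new = form.get("new_password", "")
    if not new or new != form.get("confirm_password"):
        return False
    user["password_hash"] = hash_password(new)
    return True

if __name__ == "__main__":
    # Constructed sample account and submission, not data from the issue.
    user = {"email": "old@example.test", "password_hash": hash_password("s3cret")}
    edit_user_buggy(user, {"email": "new@example.test", "password": ""})
    print("empty password now valid:", verify_password(user["password_hash"], ""))
```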