[
https://issues.apache.org/jira/browse/OFBIZ-3842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12934798#action_12934798
]
Bilgin Ibryam commented on OFBIZ-3842:
--------------------------------------
+ 1 looks nice
I think by default requirePasswordChange should behave the same way as in
"Email password" feature.
If it is not required to change the password after using "Email password"
link, then it shouldn't be also after generating a random password.
Still it is not a big deal, since it is configurable
> Security Update for forgotten passwords
> ---------------------------------------
>
> Key: OFBIZ-3842
> URL: https://issues.apache.org/jira/browse/OFBIZ-3842
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL COMPONENTS
> Affects Versions: SVN trunk
> Reporter: Sascha Rodekamp
> Assignee: Erwan de FERRIERES
> Fix For: SVN trunk
>
> Attachments: OFBIZ-3842_security.patch, OFBIZ-3842_security.patch,
> OFBIZ-3842_security.patch
>
>
> Hi everybody,
> here is a patch that generated a radom Password when the "require new
> password" function is called. In the current Trunk it's a kind of hard coded
> password that will be send to the user. After generating a new pass the
> "requireNewPassword" flag will be set to true (configurable).
> Have a good day
> Sascha
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
