On 04/19/2012 04:41 PM, Jacques Le Roux wrote: > Committed at revision: 1328122 > Jacques
This change would be needed for anything dealing with PAN(credit-card number for those not into the lingo). > From: "Jacques Le Roux" <jacques.le.r...@les7arts.com> >> Nope, I'd not have raised a warning else ;o) >> The user must read it at the end, it's the body part of the email in >> the service result >> Jacques >> >> From: "Adrian Crum" <adrian.c...@sandglass-software.com> >>> Is the logged password encrypted? If yes, then I don't see a >>> problem with it. >>> >>> -Adrian >>> >>> On 4/7/2012 10:39 AM, Jacques Le Roux wrote: >>>> Hi, >>>> >>>> I followed Scott's suggestion and added a generic EMAIL_PASSWORD >>>> EmailTemplateSetting (used to send a new password at user request). >>>> I finally kept also the previous way (in r1307895) because it >>>> allows an easier 18n of the email subject. >>>> >>>> Something is worrying me a bit. Since the service takes more than >>>> 50/200 ms, ServiceDispatcher.java (just above line 600) shows the >>>> password in console and logs. To prevent this by and large, I'd >>>> like to add a hideResult attribute to service defintion. It would be >>>> false by default and used in ServiceDispatcher.runAsync() >>>> >>>> An alternative would be to use runSyncIgnore to call >>>> sendMailFromScreen service in LoginEvents.java. But I think it's a >>>> more general >>>> issue... >>>> >>>> What do you think? >>>> >>>> Jacques >>>> >>>> From: "Jacques Le Roux" <jacques.le.r...@les7arts.com> >>>>> Thanks Scott, >>>>> >>>>> This sounds like a plan. I will try to apply it... >>>>> >>>>> Jacques >>>>> >>>>> From: "Scott Gray" <scott.g...@hotwaxmedia.com> >>>>>> Hi Jacques, >>>>>> >>>>>> I think the better approach would have been to fall back to the >>>>>> EmailTemplateSetting (after adding a demo record for it) and >>>>>> failing if it isn't present (along with removing that default >>>>>> screen reference altogether). The reason for this is simplicity, >>>>>> we give the user one path through the system: >>>>>> - Define a forgot password template for the entire system in >>>>>> EmailTemplateSetting >>>>>> - If you want ones for specific product stores then define them >>>>>> in ProductStoreEmailSetting >>>>>> >>>>>> Regards >>>>>> Scott >>>>>> >>>>>> On 3/04/2012, at 10:13 PM, Jacques Le Roux wrote: >>>>>> >>>>>>> Do you agree with r1307895 and to backport it to releases? >>>>>>> http://svn.apache.org/viewvc?rev=1307895&view=rev >>>>>>> >>>>>>> Jacques >>>>>> >>>>>>