Hi Mark, Thanks for the reply. At least I'm not going insane. :)
I agree with what you say about triggering an email automatically but I would say that this should be different to the password reset. This is what surprised me most about the process, that the first a user might hear about it is a password reset request. It must confuse users greatly to receive password reset emails for accounts they didn't create, whereas an email saying "we've created an account for you - time to set a password" would be much more acceptable. Thanks again, Rob. > -----Original Message----- > From: Mark H. Wood [mailto:[email protected]] > Sent: 01 April 2011 17:26 > To: [email protected] > Subject: Re: [Dspace-general] New E-Person password > > On Fri, Apr 01, 2011 at 04:19:14PM +0100, Rob Ingram wrote: > > This feels like a really dumb question, and I may be missing > something obvious, but I can't figure out how to set the password when > I create a new E-Person using the XMLUI. > > It's not a dumb question at all. The reason you can't figure out how > to do that is that you can't do that. > > > Once I've created the E-Person I can trigger a password reset, which > > will send the user an email and allow them to set a new password but > > surely this isn't the recommended process for an initial registration. > > I believe it is. It's more secure to let the user do it himself: as > administrator I don't have to create a reasonably strong password, > remember it long enough to communicate it securely to the user, then > securely destroy all my records and forget that I ever knew it (because > the more exalted and powerful the user, the more certainly he will > never change that password, and then I would know something for which > I'd rather not be responsible). > > This surprised me too, until I thought about it for a bit. In fact I > had written proposes changes, but then I thought it through and > realized that what we have, though counterintuitive, really is the most > secure approach. I don't want to know my users' passwords, even for a > microsecond. > > What we probably *should* change, is that creating an EPerson for > someone else should *automatically* trigger the password reset process. > > -- > Mark H. Wood, Lead System Programmer [email protected] > Asking whether markets are efficient is like asking whether people are > smart. This message and any attachment are intended solely for the addressee and may contain confidential information. If you have received this message in error, please send it back to me, and immediately delete it. Please do not use, copy or disclose the information contained in this message or in any attachment. Any views or opinions expressed by the author of this email do not necessarily reflect the views of the University of Nottingham. This message has been checked for viruses but the contents of an attachment may still contain software viruses which could damage your computer system: you are advised to perform your own checks. Email communications with the University of Nottingham may be monitored as permitted by UK legislation. ------------------------------------------------------------------------------ Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf _______________________________________________ Dspace-general mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-general
