[ http://jira.codehaus.org/browse/CONTINUUM-839?page=all ]
Jesse McConnell closed CONTINUUM-839.
-------------------------------------
Assignee: Jesse McConnell
Resolution: Fixed
I think this issue cropped up in the time between the hackish user management
that I put onto trunk so we had something half-way like the original security
and the integration of the plexus-security war layover.
So these should all be addressed by the p-sec layover.
> Editing a user changes the password to what's submitted, which by default is
> "" (empty string).
> -----------------------------------------------------------------------------------------------
>
> Key: CONTINUUM-839
> URL: http://jira.codehaus.org/browse/CONTINUUM-839
> Project: Continuum
> Issue Type: Bug
> Components: Web interface
> Affects Versions: 1.1
> Reporter: Christian Gruber
> Assigned To: Jesse McConnell
> Fix For: 1.1
>
>
> On the edit user screen, if you don't elect to change the password, you will
> implicitly change it to what's in the password field by default. The current
> default state of the page is for the password fields to be empty.
> solutions:
> 1. Empty passwords should be ignored, (if we assume people MUST have
> passwords) and assumed to mean "no change"
> 2. The current password needs to be pushed out (not very secure) in the form
> 3. The form needs to be split on the page into two separate forms for general
> info editing and for password changes. This will then not submit the
> password fields when you're, say, just changing the username or e-mail
> address.
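The behaviour described in the report next to the reporter's solution 1 (empty password means "no change"), as an added example that is not Continuum or plexus-security code. All class, method and field names are hypothetical, the confirmation field is an assumption, and the encoder is a stand-in for a real password hash.

```java
import java.util.function.UnaryOperator;

// Hypothetical names throughout; this is not Continuum or plexus-security code.
public class UserEditExample {
    static class User {
        String username, email, passwordHash;
        User(String u, String e, String h) { username = u; email = e; passwordHash = h; }
    }

    // Fields as they arrive from the edit-user form; untouched password inputs arrive as "".
    static class EditForm {
        String email, password, confirm; // confirm field is an assumption
        EditForm(String e, String p, String c) { email = e; password = p; confirm = c; }
    }

    // Behaviour described in the report: the submitted password is always applied.
    static void applyEditVulnerable(User user, EditForm form, UnaryOperator<String> encoder) {
        user.email = form.email;
        user.passwordHash = encoder.apply(form.password); // "" replaces the real password
    }

    // Solution 1 from the report: empty password fields mean "no change".
    static void applyEditFixed(User user, EditForm form, UnaryOperator<String> encoder) {
        String p = form.password == null ? "" : form.password;
        String c = form.confirm == null ? "" : form.confirm;
        boolean changePassword = !(p.isEmpty() && c.isEmpty());
        // Validate before touching the user so a rejected edit changes nothing.
        if (changePassword && !p.equals(c)) {
            throw new IllegalArgumentException("password and confirmation differ");
        }
        user.email = form.email;
        if (changePassword) {
            user.passwordHash = encoder.apply(p);
        }
    }

    public static void main(String[] args) {
        // Stand-in encoder for the demo only; a real system uses a slow password hash.
        UnaryOperator<String> encoder = s -> "enc(" + s + ")";
        EditForm emailOnly = new EditForm("new@example.test", "", ""); // constructed input

        User a = new User("alice", "old@example.test", encoder.apply("s3cret"));
        applyEditVulnerable(a, emailOnly, encoder);
        System.out.println("vulnerable: " + a.passwordHash);

        User b = new User("alice", "old@example.test", encoder.apply("s3cret"));
        applyEditFixed(b, emailOnly, encoder);
        System.out.println("fixed:      " + b.passwordHash);
    }
}
```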