On Fri, Sep 4, 2009 at 1:51 PM, Willem Jan Palenstijn<w...@usecode.org> wrote: > > Hi, > > Following the recent threads on notebook features, some thoughts on notebook > account management: > > * In Leiden we're setting up a notebook for use by students, and thought it > would be useful to hand out pre-generated accounts while still allowing > students to choose their own account names. > > To do this, we decided to make the account creation page open for anyone, but > require an 'account token' to actually create an account. An account token is > just a random large integer. At the start of a course, we can generate a large > list of account tokens, and give each student one of those, thus allowing them > to create an account themselves, choosing a username and associating it with > an > e-mail address (if the email feature is enabled). > > A preliminary patch for this is available at > http://www.math.leidenuniv.nl/~wpalenst/sage/account_tokens.patch . It is a > patch against 4.1.1 with tickets 4552 > ('trac_4552-notebook_account_email.patch'), 6843, 6856 applied. > > (TODO: add doctests, implement token-generation page to the interface added by > ticket 4135, allow enabling/disabling the token feature from that page too.) > > Comments are welcome :-) > > > * The 'forgot password' feature (enabled by enabling the 'email' setting of > the > notebook) currently allows anyone to reset the password of anyone they know > the > email address of, since it currently directly resets the password and mails > the > new password to the email address associated with the account. > > It would probably be better to instead generate a second password for the > account, that would only become permanent once it has been used once. Or, > alternatively, to email a link with a secure token to a password-change-page. >
Thanks. I added these here: http://wiki.sagemath.org/SageUsability Both seem like good ideas to me. William --~--~---------~--~----~------------~-------~--~----~ To post to this group, send an email to sage-devel@googlegroups.com To unsubscribe from this group, send an email to sage-devel-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/sage-devel URLs: http://www.sagemath.org -~----------~----~----~----~------~----~------~--~---
