On 21.09.2011 20:10, Remko Tronçon wrote:

Putting account management in ad-hoc commands means that we don't
expect clients to have a "Change password" button, but instead go
through the server provided "Change account settings" dialog. It takes
away power from the client (it won't be able to add fancy things like
password strength measurers), but it gives more power to the server to
provide a UI (e.g. instructions) that fits it, and it saves client
development time :-)

Hmm, that might add some security concerns when generalized fields (like text-private) are used for passwords.

I know, it's really hard to eliminate every occurrence of the password from memory, but at least clients would have the ability to do whatever they think is needed to protect the (typed in and maybe stored) password from getting revealed.

Every time password dialogs are mentioned I remember the time when it was possible to use a (Windows) tool e.g. to display the password in Outlook's password dialog as clear text instead of * (long fixed) ;)

Regards,

Alexander
