Hi Mike:
Not sure if there is a way to turn this off, but on my 9.04 production
system I changed the default code so that the admin user had to be
logged in as admin before the password is reset. I also changed the way
the forgot password works...basically my implementation ignores requests
to reset the password for the "admin" userLoginId unless they are logged in.
I found out pretty early on - during testing of the MyOFBiz/mylibrary
site - that this was a potential problem in production.
Regards,
Ruth
On 7/30/11 3:10 AM, Mike wrote:
Why is it that *any* user, using the password reset or "Forgot
Your Password", can actually force "admin" to change the password? Is
there a way to turn this off?