Thanks Ruth. Sounds like you tweaked the system to prevent this admin reset issue. I would think that the password reset should only apply to ecommerce customers. Sounds like a code change will be required.
On Sat, Jul 30, 2011 at 1:24 PM, Ruth Hoffman <rhoff...@aesolves.com> wrote: > Hi Mike: > Not sure if there is a way to turn this off, but on my 9.04 production > system I changed the default code so that the admin user had to be logged in > as admin before the password is reset. I also changed the way the forgot > password works...basically my implementation ignores requests to reset the > password for the "admin" userLoginId unless they are logged in. > > I found out pretty early on - during testing of the MyOFBiz/mylibrary site - > that this was a potential problem in production. > > Regards, > Ruth > > On 7/30/11 3:10 AM, Mike wrote: >> >> Why is it that *any* user can, using the password reset or "Forgot >> Your Password" can actually force "admin" to change the password? Is >> there a way to turn this off? >> >
