[prev in list] [next in list] [prev in thread] [next in thread] 

List:       horde-dev
Subject:    Re: [dev] [commits] Horde branch horde_auth_locking updated.
From:       Jan Schneider <jan () horde ! org>
Date:       2011-08-16 15:22:42
Message-ID: 20110816172242.Horde.ra_PShPcj3hOSotCPbCHhLA () neo ! wg ! de
[Download RAW message or body]


Zitat von Ralf Lang <lang@b1-systems.de>:

> Am Dienstag, 16. August 2011, 16:25:58 schrieb Jan Schneider:
>> Zitat von Ralf Lang <lang@b1-systems.de>:
>> > The branch "horde_auth_locking" has been updated.
>> > The following is a summary of the commits.
>> >
>> > from: 4a9655d8f9224f336185cdf4e4f2e6c29daff329
>> >
>> > b834ba4 [rla] Don't present security question dialog if none is set
>> > #10430
>> >
>>
>> This won't show the Reset button if no security question is set.
>
> It triggers the reset & email directly after username & email have been
> provided.

Ah yes, makes sense.

>> And
>> the question is whether we want to *allow* resetting the password
>> without that question at all. I'd say no.
>
> Yes, it's probably too dangerous. But then it should say so instead of
> presenting an empty question.

Agreed. We should show an error message that no security question had  
been set, and the user should contact his administrator.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/

-- 
Horde developers mailing list
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: dev-unsubscribe@lists.horde.org
[prev in list] [next in list] [prev in thread] [next in thread]