Details
-
Type:
Bug
-
Status:
Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 1.1-alpha-1
-
Fix Version/s: 1.1-alpha-1
-
Component/s: Web interface
-
Labels:None
-
Complexity:Intermediate
-
Number of attachments :
Description
On the edit user screen, if you don't elect to change the password, you will implicitly change it to what's in the password field by default. The current default state of the page is for the password fields to be empty.
solutions:
1. Empty passwords should be ignored, (if we assume people MUST have passwords) and assumed to mean "no change"
2. The current password needs to be pushed out (not very secure) in the form
3. The form needs to be split on the page into two seperate forms for general info editing and for password changes. This will then not submit the password fields when you're, say, just changing the username or e-mail address.
Issue Links
| This issue depends upon: | ||||
| CONTINUUM-800 | Use maven-user project for user management |
|
|
|
i think this issue cropped up in the time between the hackish user management that I put onto trunk so we had something half-way like the original security and the integration of the plexus-security war layover.
so these should all be addressed by the p-sec layover