• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Dakar (as well as Cairo) allows users to ChangePassword to an empty string. From a security point of view it is not desirable to let users erase their password.

-- PTh

No; many sites want null passwords. I have seen this on several client sites. I previously made the change you suggest and then had to revert it.

Of course you could add yet another option; but I think the current behaviour is OK.

CC

I would like this to be configurable, at least, and not hardcoded. Getting some of my older and/or digitally challenged co-workers to adopt TWiki has also led me to suggest to some to use an empty password, in combination with sessions that only expire after a full day. It's a trade-off between anonymous editing and the TWiki not being used.

There might be a better way to do this, but untill then, please make it configurable.

-- TWiki:Main/JosMaccabiani

Discarding, on the basis that we really don't want another config option and null passwords are definitely needed.

CC

Re-opening this. We can't dictate how site operators need to run their site. Adding a new flag to configure is not bad IMHO, in fact this adds the flexibility to the whole system. admins who do not need it just leave it at the default (allow empty pwd.)

-- PTh

MinimumPasswordLength has been seen also; with 0 as allowed value would be another option.

-- SP

Yes, that is a very sensible enhancement.

-- PTh

Done

CC

Thanks Crawford for acting so swiftly! smile

-- PTh

ItemTemplate
Summary Prevent change password to empty string (add MinPasswordLength configuration option)
ReportedBy TWiki:Main.PeterThoeny
Codebase 4.0.2
SVN Range Sat, 06 May 2006 build 10108
AppliesTo Engine
Component

Priority Normal
CurrentState Closed
WaitingFor

Checkins 10432 10510
TargetRelease patch
Edit | Attach | Watch | Print version | History: r13 < r12 < r11 < r10 < r9 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r13 - 2006-06-08 - SteffenPoulsen
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback