[Zope] users managing their own user details

Tom Cameron tom@cameron.to
Mon, 2 Jul 2001 21:23:05 +1000


Noted. The problem is not so simple to fix, but I do still think that it may
be a problem worth solving.

I don't recall any other user based system that does not allow users to
change their own passwords. All operating systems of any value have this
function.

The problem with the present system is that someone ends up knowing everyone
else's passwords and it does not encourage people to change their passwords
regularly.

I have noted the post from Mike Renfro pointing out
http://www.zope.org/Members/tseaver/user_settable_passwords (Letting
Normal Users Set Their Own Passwords)

and I will implement this, but it seems to me such a function should be
built into Zope.

Tom

=> -----Original Message-----
=> From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Chris
=> Withers
=> Sent: Sunday, 1 July 2001 11:37 PM
=> To: tom@cameron.to
=> Cc: Mike Renfro; zope@zope.org
=> Subject: Re: [Zope] users managing their own user details
=>
=>
=> Tom Cameron wrote:
=> >
=> > One possible solution would be to modify the useredit form in
=> acl_users to
=> > ask users for thier existing password when setting a new one.
=> That way you
=> > could let them have access to the acl_users folder and be
=> confident that
=> > they will only change their own details. Not quite perfect but
=> much better.
=>
=> Not really, they'd also be able to change their own roles and
=> those of other
=> users :-(
=>
=> cheers,
=>
=> Chris
=>
=>
=>
=> _______________________________________________
=> Zope maillist  -  Zope@zope.org
=> http://lists.zope.org/mailman/listinfo/zope
=> **   No cross posts or HTML encoding!  **
=> (Related lists -
=>  http://lists.zope.org/mailman/listinfo/zope-announce
=>  http://lists.zope.org/mailman/listinfo/zope-dev )
=>