Currently logged admin can modify user's password

Status: Beta

Brought to you by: airv

#11 Currently logged admin can modify user's password

Status: open-fixed

Owner: nobody

Labels: None

Priority: 6

Updated: 2006-11-04

Created: 2006-09-07

Creator: Olivier Ramat

Private: No

An admin can modify a user password.
It shouldn't.
Worse, when an admin modifies a user without specifying
a password (for example when he modifies his rights),
it overrides the user's password with the admin's one.
See bug #1554349.

Discussion

Hervé Labas - 2006-09-08

Logged In: YES
user_id=1378263

Wow, this is huge (the replace part).
I'll go into it.
The possibility an admin has to change a user's password was
initially wanted by the association I worked for. That's why.
Thanks

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Hervé Labas - 2006-09-13

priority: 5 --> 6
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Olivier Ramat - 2006-11-04

status: open --> open-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Currently logged admin can modify user's password

Group

Searches

Help

#11 Currently logged admin can modify user's password

Discussion