Menu
▾
▴
Re: Password in ALTER USER - was Re: [Firebird-devel] Vulcan Joins Free World
|
From: Martijn T. <m.t...@up...> - 2005-01-31 11:08:33
|
> > The question is whether we should require the old password on "alter > > user". Cleanly a utility can (and should) require this, but the jsource > > database API/language? > > > > Please take into account that the problem "request or not password > again" is not strictly related with the one already solved - we let any > user change his own password. Problem with occasionally modified > password doesn't depend upon the fact, who modified it in this way - > ordinary user or administrator. In the second cases results are even > more destructive - for ordinary user password may be set to known value > by administrator, broken SYSDBA password may be repaired only by another > firebird installation. > > But returning to the question - should old pasword be required attribute > in "alter user" command. I think this is useful - though I don't suppose > end-users to really modify there accounts using ISQL, most of them > prefer GUI today. Anyway as a minimum result we try not let > end-user-software developers forget that requesting old password in a > dialog for password change is a good thing. For today no one of used by > me firebird's general GUI's request old password when making change. > BTW, windows "Change password" dialog and unix's "passwd" command both > do it. Except for super-users (like Administrator). As a GUI developer - I would say the old password is required when logged in as the user for which you want to change it, but not required for sysdba or some other yet-to-be-created superuser. With regards, Martijn Tonies Database Workbench - developer tool for InterBase, Firebird, MySQL & MS SQL Server Upscene Productions http://www.upscene.com |
