Editing a user changes the password to what's submitted, which by default is "" 
(empty string).
-----------------------------------------------------------------------------------------------

                 Key: CONTINUUM-839
                 URL: http://jira.codehaus.org/browse/CONTINUUM-839
             Project: Continuum
          Issue Type: Bug
          Components: Web interface
    Affects Versions: 1.1
            Reporter: Christian Gruber


On the edit user screen, if you don't elect to change the password, you will 
implicitly change it to what's in the password field by default.  The current 
default state of the page is for the password fields to be empty.  

Solutions:

1. Empty passwords should be ignored (if we assume people MUST have passwords) 
and assumed to mean "no change"

2. The current password needs to be pushed out (not very secure) in the form

3. The form needs to be split on the page into two separate forms for general 
info editing and for password changes.  This will then not submit the password 
fields when you're, say, just changing the username or e-mail address.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
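
The behaviour reported above next to solution 1, as an added example that is not part of the original report and not Continuum's code. The class, the form field names (`email`, `password`, `confirmPassword`) and the `hash` placeholder are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical model of an edit-user handler (assumption, not Continuum's code).
public class EditUserExample {
    static class User {
        String email;
        String passwordHash;
        User(String email, String passwordHash) { this.email = email; this.passwordHash = passwordHash; }
    }

    // Stand-in for a real password hashing function (assumption).
    static String hash(String password) { return "hash(" + password + ")"; }

    // As reported: every submitted field is applied, so the blank password
    // field that the page renders by default replaces the stored password.
    static void updateAsReported(User u, Map<String, String> form) {
        u.email = form.get("email");
        u.passwordHash = hash(form.get("password"));
    }

    private static boolean blank(String s) { return s == null || s.isEmpty(); }

    // Solution 1: blank password fields mean "no change". A password is only
    // replaced when a non-empty value is supplied and matches its confirmation.
    static void updateIgnoringBlank(User u, Map<String, String> form) {
        String pw = form.get("password");
        String confirm = form.get("confirmPassword");
        if (!(blank(pw) && blank(confirm))) {
            if (blank(pw) || !pw.equals(confirm)) {
                throw new IllegalArgumentException("password must be non-empty and match its confirmation");
            }
            u.passwordHash = hash(pw);
        }
        u.email = form.get("email"); // applied only after validation passed
    }

    public static void main(String[] args) {
        // Constructed form submission: only the e-mail address was edited.
        Map<String, String> form = new HashMap<>();
        form.put("email", "new@example.test");
        form.put("password", "");
        form.put("confirmPassword", "");

        User a = new User("old@example.test", hash("original"));
        updateAsReported(a, form);
        System.out.println("as reported:    password changed = " + !a.passwordHash.equals(hash("original")));

        User b = new User("old@example.test", hash("original"));
        updateIgnoringBlank(b, form);
        System.out.println("ignoring blank: password changed = " + !b.passwordHash.equals(hash("original")));
    }
}
```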
