incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Jaquith (JIRA)" <>
Subject [jira] Commented: (JSPWIKI-266) Add ability to restrict account creation
Date Mon, 12 May 2008 14:32:55 GMT


Andrew Jaquith commented on JSPWIKI-266:

Oh, and one more thing. The technique for manually setting passwords will necessarily change
if we salt the password hashes as described in [JSPWIKI-20]. That's something we will definitely
do, and soon, so the method you use today to determine the hashed password won't work in the

> Add ability to restrict account creation
> ----------------------------------------
>                 Key: JSPWIKI-266
>                 URL:
>             Project: JSPWiki
>          Issue Type: New Feature
>          Components: Authentication&Authorization
>            Reporter: Aaron Hamid
> This is a formal feature request (because I could not find an existing issue) for the
"Admin Creates User Profiles" Idea here:
> Once way to implement it would be, that a different permission, "createProfile", be added,
still configurable in the jspwiki.policy file. This way the desired policy could be configured
such that the admin group has the "createProfile" permission, while the Authenticated have
their "editProfile" permission.
> Workarounds are presented here
but have drawbacks, including allowing arbitrary junk accounts or forcing security to be configured
external to the application.
> The proposal above, a new "createProfile" permission, seems like a straightforward way
to address this concern directly in the product expanding its usefulness without weird workarounds.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message