ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (Jira)" <j...@apache.org>
Subject [jira] [Commented] (OFBIZ-11206) Edit the user login security question from party profile
Date Wed, 25 Sep 2019 12:54:00 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-11206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16937700#comment-16937700
] 

Jacques Le Roux commented on OFBIZ-11206:
-----------------------------------------

Hi Nicolas,

I wonder if it makes sense to keep this feature as is. It seems convoluted to me. Why ask
a question to get a password hint? 
It seems a lot to remember:
# The choice of the security question
# The answer to this security question
# The relation between the password hint and the password itself

I see only a good thing in this feature: you don't have to change your password. But sincerely
do we really need a such feature? I finally think than rather fixing the current state we
should remove the feature all together. IMO, the password link in an email done a safe way
is enough. If you agree we could ask opininons on dev ML before dropping the whole security
question thing.

> Edit the user login security question from party profile
> --------------------------------------------------------
>
>                 Key: OFBIZ-11206
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11206
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: party
>    Affects Versions: Trunk
>            Reporter: Nicolas Malin
>            Assignee: Nicolas Malin
>            Priority: Major
>         Attachments: OFBIZ-11206.patch, OFBIZ-11206.patch
>
>
> Currenlty we have a system  to call a password hints when you lost your password with
answer to a security question linked to the userLogin.
> The problem that you can only set this security question at the user login creation and
never create or edit it after.
> I add with this issue: service, form, and label to edit it on the ProfileEditUserLogin
[1] page.
> [1] https://localhost:8443/partymgr/control/ProfileEditUserLogin?partyId=admin&userLoginId=admin



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message