#682 closed defect (fixed)
User should know old password in order to change password
| Reported by: | Owned by: | Matt Good | |
|---|---|---|---|
| Priority: | normal | Component: | AccountManagerPlugin |
| Severity: | normal | Keywords: | |
| Cc: | Trac Release: | 0.9 |
Description
This is a pretty standard security thing. In an office of people using Trac, it prevents someone from locking a coworker out of their Trac account while they're at lunch...
Attachments (1)
Change History (5)
Changed 18 years ago by
| Attachment: | require_old_password.diff added |
|---|
comment:1 follow-up: 2 Changed 18 years ago by
The attached patch adds the requested feature. It is for trunk and has been lightly tested.
comment:2 follow-up: 3 Changed 18 years ago by
Replying to otaku42:
The attached patch adds the requested feature. It is for trunk and has been lightly tested.
the most typical use case of resetting the password is when you forgot your old one. how does this patch solve this use case?
comment:3 Changed 18 years ago by
Replying to ThurnerRupert:
Replying to otaku42:
The attached patch adds the requested feature. It is for trunk and has been lightly tested.
the most typical use case of resetting the password is when you forgot your old one. how does this patch solve this use case?
ThurnerRupert, this issue isn't meant to address the use-case you are identifying. (I am the original filer of the ticket.) It's only meant to address the requirement that you know the old password in order to change it.
comment:4 Changed 18 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Patch: require old password to set a new one