[ejabberd] webadmin mask password patch

Andreas van Cranenburgh andreas at unstable.nl
Sun Nov 7 00:29:22 MSK 2004


On Sun, Nov 07, 2004 at 12:22:05AM +0300, Anastasia Gornostaeva wrote:
> On Sat, Nov 06, 2004 at 09:54:12PM +0100, Andreas van Cranenburgh wrote:
> > On Sat, Nov 06, 2004 at 11:46:27PM +0300, Anastasia Gornostaeva wrote:
> > > Nobody except me see webadmin of jabber.ru and i'm often asked for forgotten 
> > > users password :) I'm annoying when i see stars instead letters.
> > 
> > Forgotten passwords should always be resetted, not looked up by hand by
> > administrators. If it's not a secret it's not a password anymore.
> 
> How do you enter new password instead forgotten one? :)

Whether it's masked or unmasked, it's the same. You just type something
or you paste something from the clipboard. I don't see why you couldn't
do that when it's masked (with * stars).

The important difference is is that you don't see the *original*
password.

> If you enter it manually, such password is not a password, indeed, if the 
> account is not your. So you should delete this account to user creates it 
> again. I cannot use this way, it does not prevent from username larceny.

No, you shouldn't delete the account. The roster would be gone. That's
why I said: resetting the password.

	Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.jabber.ru/pipermail/ejabberd/attachments/20041106/ec4a9e87/attachment-0001.bin


More information about the ejabberd mailing list