Kathey Marsden wrote: ... > 3) We need to decide what to do about the password. On IRC andersmo > mentioned really anyone can have it sent to the list by pressing the > send me my password button. Perhaps we can find out how Forrest handles > it.
I found a post in the forrest archives [1] that mentions the security issue: > I tried that first, but it opens up that account for some light hacking: > one can request a password change and the new password is then mailed to > the list. So I opted for the no-role-account policy. I didn't find a followup post to the public list. -jean [1] http://mail-archives.apache.org/mod_mbox/forrest-dev/200211.mbox/[EMAIL PROTECTED]
