On Thu, 14 Oct 2010 13:34:29 +0200 ssc <s...@gmx.biz> wrote:

> But don't you think, that in most cases the administrator of dl will
> also be the root or a privileged user on the webserver/system? In this
> case he would always be able to get those uploaded files through system
> access.

In one of the cases I could see, an administrator was simply someone managing DL accounts, not having full root access. I would love to extend DL to add an 'intermediate' administrator with reduced permissions (managing his own users only). But I digress. I agree with your point.

> > I'm mostly ok with sending the password in
> > notifications though.
>
> What do you think about showing the password for the registered user?
> Don't send it out through email in any way. Just show it in the WebGUI.
> Or send it out through email for download tickets, but show it on the
> WebGUI as well.

I'd go for the second. I think that, when sending tickets the first time, users would put the password in the e-mail anyway. If I showed the password in the list, would that be enough for the grant? (that is, the grant notification would still not contain the password).

> > But should an administrator have access to all files
> > then?
>
> In my opinion an administrator is an administrator. So he should be able
> to have access to all files.
>
> Just have another idea. Let the user decide whether the administrator
> may see it or not. If not, save the password as a Hash and if he should
> see it, save it as clear text and show it through the WebGUI. This is
> not very complex to implement.

I'd always save in clear-text anyway. This boils down to: should I display the password for administrators? I guess you're right.