On Fri, Apr 01, 2011 at 04:19:14PM +0100, Rob Ingram wrote: > This feels like a really dumb question, and I may be missing something > obvious, but I can't figure out how to set the password when I create a new > E-Person using the XMLUI.
It's not a dumb question at all. The reason you can't figure out how to do that is that you can't do that. > Once I've created the E-Person I can trigger a password reset, which > will send the user an email and allow them to set a new password but > surely this isn't the recommended process for an initial > registration. I believe it is. It's more secure to let the user do it himself: as administrator I don't have to create a reasonably strong password, remember it long enough to communicate it securely to the user, then securely destroy all my records and forget that I ever knew it (because the more exalted and powerful the user, the more certainly he will never change that password, and then I would know something for which I'd rather not be responsible). This surprised me too, until I thought about it for a bit. In fact I had written proposes changes, but then I thought it through and realized that what we have, though counterintuitive, really is the most secure approach. I don't want to know my users' passwords, even for a microsecond. What we probably *should* change, is that creating an EPerson for someone else should *automatically* trigger the password reset process. -- Mark H. Wood, Lead System Programmer [email protected] Asking whether markets are efficient is like asking whether people are smart.
pgp88CfFi7DI9.pgp
Description: PGP signature
------------------------------------------------------------------------------ Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
_______________________________________________ Dspace-general mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-general
