-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Astrid Emde schrieb: > > On Fri, July 17, 2009 4:35 pm, Verena Diewald wrote: >> Hi list, >> >> I would like to outline an additional way for the work flow of setting >> the >> user's password in Mapbender's administration application (gui). >> >> The way it works now: The administrator user is the one who creates a new >> user >> and defines the new user's password by typing in a password. This is >> not a >> good process as in most use cases the administrator user should not know >> the >> password of her users. >> >> My proposal is as follows: >> - the administrator user creates a user without manually setting the >> password -> A generated one-time password is created dynamically and >> stored >> in the password field. >> - When the new user's data is written to the mb_user table simultaneously >> a >> ticket number for that new user is written into table mb_user (new field) >> - An e-mail is sent to the new user which contains a link (ticket number >> of >> this user is sent as a parameter) to a new Mapbender module (for example: >> mod_confirmLogin.php). The module mod_confirmLogin.php is a simple form >> where >> the user is requested to insert her new password (twice for confirmation, >> as >> we already have it). >> - If the ticket number is not valid the module returns an error (you are >> not >> authorized, please request a new ticket, etc.) The ticket in the table >> mb_user is deleted. >> - If the ticket number is valid, the new password will be saved in db and >> the >> ticket number of this user will be deleted >> >> The new module could be based on or be an enhancement of the >> module "ForgottenPassword" which does some related things. >> >> What do you think? Any suggestions concerning that topic? > > Hello Verena, > > your idea sounds good to me. > > 1. But still it should be possible to set the password by the creator of > a new user. Sometimes you have user representing a group of user (demo, > kataster, citymap) only to generate a link to another application. Here > you want to set the password by yourself to a defined word. > > > 2. The user should be able to set the password by himself if the > selfgenerated is too ugly > > Best regards astrid
Hey, following up on: http://logs.qgis.org/mapbender/%23mapbender.2009-07-20.log 07:30:07 seven: verena: We can refine the idea in the Wiki. The process is refined, it is even a little simpler now and contains all the we need. Best regards, Arnulf. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkptgi0ACgkQhcSN09gHfZzX9wCgpvkOi0RcsAfvpaWmoKmfl2Qq 9tIAnitun46FCqqRWd+oUDJzE2QlR1hH =QxQf -----END PGP SIGNATURE----- _______________________________________________ Mapbender_dev mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/mapbender_dev
