I ran across this because of a simple problem. My application allows admin users to update information about the user. It also allows a user to do simple things like change their password.
I noticed that although the the new password was written to the database, the changes were overwritten when the user logged out. It turns out that this is not a newly discovered problems either. There is already a proposal (http://jakarta.apache.org/turbine/turbine-2/proposals/security-service. html) that discusses a solution this very problem. Does anyone see a problem with this? The only issue that I could find was persistent pull tools. They would need to be saved as well. Does anyone even use them?? -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
