On 07-Feb-2000 Tres Seaver wrote:
It's a form problem. It's not a serious issue, just that the form that comes with 2.1.3 (and 2.1.2, and maybe even 2.1.0) for editing users doesn't have the proper DTML to show the old username and password. I'm not even sure that this wasn't a feature. I will either fix it or put it in the collector soon.
NOOOOOOOO! It was an awful security hole to echo the existing password out the the User edit form -- please don't put it back! Think about it -- on a Unix system, even root can't read another users password, but only reset it. This is the Right Thing (TM) for Zope to do.
No, it's only the Right Thing(TM) to do if there were some way to better manage roles. As far as I can tell, the only way to change a users role is through managing that user, in which case I have to re-enter that users password. Not a good situation.. perhaps the correct fix is to keep it as is (with the "broken" form) and create a new interface to manage roles properly (role membership mgmt) I don't beleive that Zope has that feature, unless I am totally missing something :) -- M. Adam Kendall | mak@kha0s.org | "There's never enough time to do http://kha0s.org | all the nothing you want." | --Bill Watterson (Calvin and Hobbes)