mahara-contributors team mailing list archive

Thread
Date

[Bug 1045123] Re: don't send out password for admin created users

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Hugh Davenport <1045123@xxxxxxxxxxxxxxxxxx>
Date: Sun, 02 Sep 2012 23:29:23 -0000
Reply-to: Bug 1045123 <1045123@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** This bug has been flagged as a security vulnerability

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1045123

Title:
  don't send out password for admin created users

Status in Mahara ePortfolio:
  Triaged

Bug description:
  When an admin creates a user with a set password. It should be assumed that this password is delivered to the user out of band, and shouldn't be sent in clear text.
  If the password field is left blank, we should treat that the same as if we just finished a registration, the user gets a one time URL to click on which forces them to set a password.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1045123/+subscriptions

References

[Bug 1045123] [NEW] don't send out password for admin created users
From: Hugh Davenport, 2012-09-02