mahara-contributors team mailing list archive

Thread
Date

[Bug 1422492] Re: Mahara doesn't ask you for your password before deleting your account or changing your username

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Aaron Wells <1422492@xxxxxxxxxxxxxxxxxx>
Date: Mon, 16 Feb 2015 22:40:23 -0000
Reply-to: Bug 1422492 <1422492@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Indeed, if we wanted to be more secure, we could consider asking for
password, and/or sending out email notifications, when certain user
actions take place. I think maybe a good rule of thumb, is any action
that can prevent you from being able to log in. So that would be:

1. Changing your password (we already ask for your current password for this)
2. Changing your username
3. Changing your primary email address (because this can make it impossible to recover your password)
4. Deleting your own account

** Changed in: mahara
Status: New => Confirmed

** Changed in: mahara
Importance: Undecided => Low

** Changed in: mahara
Milestone: None => 15.10.0

** Information type changed from Private Security to Public Security

** Tags added: snack-sized

--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1422492

Title:
Mahara doesn't ask you for your password before deleting your account
or changing your username

Status in Mahara ePortfolio:
Confirmed

Bug description:
These, especially the first, seem like dangerous operations.

Expected behavior is that Mahara would prompt for my current password
to prevent someone deleting my user account if I left my account
logged in.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1422492/+subscriptions