Potential patch (login_engine)


#1

login_engine is good. But there are two things about that I “dislike”.
I’ve
been thinking of develop a patch for them, but I’d like some sense that
the
patch goals are agreed with, and thus making it likely to be accepted?

  1. Sending out the password in email is just plain bad. I know I can
    probably
    replace the view, but I’d rather see it as an configuration option.

  2. When a password is forgotten, a secondary authentication token is
    email to
    the user. As near as I can tell, that authentication token does general
    authentication, until it expires. I much prefer a model where that
    token is
    necessary to change the password, and that’s all it is good for. And
    when
    the password is changed the token is invalidated.

Should I make patch, or just fork it?

David


#2

I’d say submit a patch. These both sound like great ideas.

-Nb

On 4/2/06 11:39 AM, “David C.” removed_email_address@domain.invalid wrote:

necessary to change the password, and that’s all it is good for. And when
the password is changed the token is invalidated.

Should I make patch, or just fork it?

David


engine-users mailing list
removed_email_address@domain.invalid
http://lists.rails-engines.org/listinfo.cgi/engine-users-rails-engines.org

Nathaniel S. H. Brown                        http://nshb.net