Project

General

Profile

Actions

Feature #35627

closed

FE Ask for old password before allowing to change password

Added by Nicolas Bonvin about 12 years ago. Updated about 8 years ago.

Status:
Rejected
Priority:
Must have
Assignee:
-
Category:
felogin
Target version:
Start date:
2012-04-03
Due date:
% Done:

0%

Estimated time:
PHP Version:
5.3
Tags:
Complexity:
Sprint Focus:

Description

Following security best practices, a user should be able to update his password only when giving the previous password. Currently, no need to know the old password to change it.


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Feature #35807: [BE] Ask for old password before allowing to change passwordClosedGeorg Ringer2012-04-10

Actions
Actions #1

Updated by Andreas Wolf about 12 years ago

  • Category set to felogin
  • Status changed from New to Accepted

I guess you mean frontend users, don't you? If so, this belongs to EXT:felogin, otherwise we would need to add this to the backend user settings module code.

Actions #2

Updated by Georg Ringer about 12 years ago

feature request is valid for BE and FE

Actions #3

Updated by Georg Ringer about 12 years ago

  • Subject changed from Ask for old password before allowing to change password to FE Ask for old password before allowing to change password
Actions #4

Updated by Christian Futterlieb about 12 years ago

Maybe I'm not right, but imo the target of the felogin change password is to allow a frontend user to change its password when he forgot it (by sending him an email with a link containing the 'forgothash'). So it wouldn't be very helpful to require the old one in this case.

Actions #5

Updated by Mathias Schreiber over 9 years ago

  • Target version set to 7.5
Actions #6

Updated by Benni Mack over 8 years ago

  • Target version changed from 7.5 to 8 LTS
Actions #7

Updated by Helmut Hummel about 8 years ago

  • Status changed from Accepted to Rejected

In the frontend, we do not have any password editing functionality, where this can be applied. We only have "password forgot" functionality, where applying this does not make much sense for obvious reasons.

Actions

Also available in: Atom PDF