portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Spencer <pau...@apache.org>
Subject Re: More on logon.auto.disable
Date Tue, 28 May 2002 22:33:23 GMT
Glenn,

I think their is a different, although related problem.
1) JetspeedDBSecurity does not use the JR.p 
services.JetspeedSecurity.logon.auto.disable.  JetspeedDBSecurity should 
be updated to use the property

2) JLogin and UserUpdateAction should use 
services.JetspeedSecurity.logon.auto.disable, not logon.auto.disble.


Paul Spencer

Glenn Golden wrote:

> Well, the consensus from the list was to leave in the auto.disable feature,
> even though it makes it easy to disable anyone's account - 3 quick entries
> of your foe's user id with junk passwords and that foe cannot use the system
> anymore, until the administrator restores the account.
> 
> And if you happen to know the admin user id, well, you can shut that down,
> too.
> 
> And further, you cannot turn this feature off!  The jr.p is incorrect, or
> inconsistent with the code, in the line it has to enable this feature - and
> all the code, if it can't find a setting in the jr.p, assumes that the
> feature is on!
> 
> The code (JLoginUser and UserUpdateAction) uses:
> 
> JetspeedResources.getBoolean("logon.auto.disable", true)
> 

> Jr.p has:
> 
> services.JetspeedSecurity.logon.auto.disable=true
> 
> These are NOT the same.
> 
> So, shall we fix jr.p to have:
> 
> logon.auto.disable=true
> 
> ?
> 
> - Glenn
>  
> --------------------------------------------
> Glenn R. Golden, Systems Research Programmer
> University of Michigan School of Information
> ggolden@umich.edu               734-615-1419
> --------------------------------------------
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:jetspeed-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:jetspeed-dev-help@jakarta.apache.org>
> 
> 



--
To unsubscribe, e-mail:   <mailto:jetspeed-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jetspeed-dev-help@jakarta.apache.org>


Mime
View raw message