Hello,
While we testing the password reminder feature, we discover that a user asking for password reminder from a specific list that s/he isn't a member of that list, s/he still receives the message "A reminder of your password has been emailed to you." Is this an expected behavior?
Thank you very much for the advice.
On Mon, Oct 18, 2010 at 9:31 AM, Hung Phan phanh@canby.k12.or.us wrote:
Hello,
While we testing the password reminder feature, we discover that a user asking for password reminder from a specific list that s/he isn't a member of that list, s/he still receives the message "A reminder of your password has been emailed to you." Is this an expected behavior?
Well, do they get any e-mail at all, and worse still, containing a password? It would worry me if they did. From what I know, a password will only be sent to a validly subscribed address.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223
Damn!!
Hung Phan wrote:
While we testing the password reminder feature, we discover that a user asking for password reminder from a specific list that s/he isn't a member of that list, s/he still receives the message "A reminder of your password has been emailed to you." Is this an expected behavior?
If the list's Privacy options... -> Subscription rules -> private_roster attribute is set to Anyone (i.e. if the list membership roster is public), a non-member requesting a reminder will be told "No such member". Otherwise, the user gets the same message whether or not she is a member to prevent using the reminder request to "fish" for list membership.
On the "never to be released" branch at https://code.launchpad.net/~mailman-coders/mailman/2.2, the message is changed to "If you are a list member, your password has been emailed to you.", but it has not been changed on the 2.1 branch for i18n reasons.
-- Mark Sapiro mark@msapiro.net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (3)
-
Hung Phan -
Mark Sapiro -
Odhiambo Washington