
Re: Test-Case 004 failed for WLUS 1.2-25

* Knut Yrvin (knuty@skolelinux.no) [040421 20:28]:
> Wednesday 21 April 2004, 20:17, Petter Reinholdtsen wrote:
> > They just happen to be the same after installation.  It is not given
> > that they will stay the same (and probably they should not), so you
> > should consider them two different passwords.
> And that's my point. In a usability-perspective, you have to handle this with 
> two passwords, and use the WLUS-password every time something is deleted or 
> added to the ldif-database. It's not usability to remove the need for 
> password. 

the feature request for this was born in the real world, in every
day use, by real people. the test cases are very good and
usability testing is great, but i think real life is even better.

If we have precious (!) experience with something, why throw it
over board?

> > The only reason they are the same is to avoid having to ask for two
> > admin passwords during installation.
> That is also discussed and explained (and so on) three weeks ago. The 
> reason why I suggested point 2, was to show the usability-answer to what 
> Schuldei is programming: 

please call me Andras, when referring to me. this sounds awkward
to me.

> > 2. Remove the password-field entirely. It's not necessary, and 
> >   the Webmin and LDAP-password is the same. 
> It's a third (3) way to handle this. Schuldei could make the field "Admin 
> passord" with stars, when the password is cached. Then he shows that the 
> system has taken care of the WLUS-password. When it's not stars there, the 
> user-admin can type the WLUS-password again ...
> This will remove the problem with usability, and show the users that the 
> password is already in place :-)

that is a good idea. i had it too and disregarded it because then
i would need to re-transmit that password in the html-code of the
page. it might get cached in the browser cache and could be
extracted somehow, by evil people. so i opted against this for
security reasons. we can do it anyway, of course.

if i would just transmit stars or some other junk, it would seem
to webmin and wlus that this junk was entered as a password. i
can't help that, that is how http and html works. if someone knows
a good workaround i would like to hear that. if a wrong password
is typed wlus uses that one instead of the cached value.
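
The trade-off described in this message, as an added example that is not part of the original post and is not WLUS or Webmin code: the form reports that a password is cached without putting it (or any filler) in the HTML, and a blank submission means "use the cached value". The field name `admin_pw`, the `session` dictionary and both function names are assumptions made for this sketch.

```python
import html
from urllib.parse import parse_qs


def render_form(session):
    """Build the admin form; the cached password is never written into the page."""
    cached = bool(session.get("admin_pw"))
    note = "cached, leave blank to reuse" if cached else "required"
    return (
        '<form method="post">'
        f"<label>Admin password ({html.escape(note)})</label>"
        # The value stays empty, so nothing secret lands in the browser cache.
        '<input type="password" name="admin_pw" value="" autocomplete="off">'
        "</form>"
    )


def resolve_password(session, post_body):
    """Choose the password for this request from the POST body or the cache."""
    fields = parse_qs(post_body, keep_blank_values=True)
    typed = fields.get("admin_pw", [""])[0]
    if typed:
        # Whatever arrives in the field wins over the cache, so a field
        # prefilled with "********" would be taken as the password itself.
        return typed
    cached = session.get("admin_pw")
    if cached is None:
        raise PermissionError("no password typed and none cached")
    return cached


if __name__ == "__main__":
    session = {"admin_pw": "s3cret-constructed"}  # constructed sample value
    print(render_form(session))
    print(resolve_password(session, "admin_pw="))
    print(resolve_password(session, "admin_pw=%2A%2A%2A%2A%2A%2A%2A%2A"))
```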

