[
https://issues.apache.org/jira/browse/OFBIZ-11206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16937700#comment-16937700 ]
Jacques Le Roux commented on OFBIZ-11206:
-----------------------------------------
Hi Nicolas,
I wonder if it makes sense to keep this feature as is. It seems convoluted to me. Why ask a question to get a password hint?
It seems a lot to remember:
# The choice of the security question
# The answer to this security question
# The relation between the password hint and the password itself
I see only a good thing in this feature: you don't have to change your password. But sincerely do we really need a such feature? I finally think than rather fixing the current state we should remove the feature all together. IMO, the password link in an email done a safe way is enough. If you agree we could ask opininons on dev ML before dropping the whole security question thing.
> Edit the user login security question from party profile
> --------------------------------------------------------
>
> Key: OFBIZ-11206
> URL:
https://issues.apache.org/jira/browse/OFBIZ-11206> Project: OFBiz
> Issue Type: Improvement
> Components: party
> Affects Versions: Trunk
> Reporter: Nicolas Malin
> Assignee: Nicolas Malin
> Priority: Major
> Attachments: OFBIZ-11206.patch, OFBIZ-11206.patch
>
>
> Currenlty we have a system to call a password hints when you lost your password with answer to a security question linked to the userLogin.
> The problem that you can only set this security question at the user login creation and never create or edit it after.
> I add with this issue: service, form, and label to edit it on the ProfileEditUserLogin [1] page.
> [1]
https://localhost:8443/partymgr/control/ProfileEditUserLogin?partyId=admin&userLoginId=admin--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
