Hi Piwigo users,
A user has sent me an email because he was really annoyed. He had lost his administration password. He asked if it would be possible to send the connection settings by email.
Piwigo currently doesn't do it for 2 reasons:
1) for a long time we wanted to make emails optional. This is no longer true, the lost password feature sends an email but not for administrator users.
2) to avoid transmitting an administrator password by email. I think we're too paranoid. To make everybody happy, I propose to add a checkbox "send my connection settings by email", checked by default.
[Bugtracker] ticket 2021
Who has an opinion about that?
+1
IMO it's useless, and potentially dangerous.
There are several methods on the forum to reset an admin password directly in the database; an admin should have access to it.
I would prefer to make a big red warning on install to incite admin people to save their settings, or even a "print button" or a "save file" ...
Last edited by repie38 (2010-11-09 14:20:36)
repie38 wrote:
IMO it's useless, and potentially dangerous.
Many other web applications do it. For a user, it is hard to understand that it would be dangerous in Piwigo but not in Dokuwiki or PunBB.
repie38 wrote:
There are several methods on the forum to reset an admin password directly in the database; an admin should have access to it.
If we want to make Piwigo usable only by technically skilled users, then I would agree with you. Just like the upload form is useless because we already provide FTP upload, and plugin 1-click installation is useless because you just need to upload it in your plugin directory.
I don't want to keep Piwigo just for users skilled enough to perform an SQL query in the database. Over the years, Piwigo is getting simpler to use to make it usable by more people.
repie38 wrote:
I would prefer to make a big red warning on install to incite admin people to save their settings, or even a "print button" or a "save file" ...
A user that would prefer to not transfer this information by email would just uncheck the "send my connection settings by email" checkbox. For others, receiving an email is much simpler.
plg wrote:
I don't want to keep Piwigo just for users skilled enough to perform an SQL query in the database. Over the years, Piwigo is getting simpler to use to make it usable by more people.
In fact, I totally agree with that.
It's just that I don't like it when I see a clear password in my mails.
(I always think first that my password isn't hashed. My password is my password, nobody should give it to me, i.e. it shouldn't be clear in the database.)
By the way, I think Piwigo is secure enough, so there's no problem in granting the lost password procedure to admins.
What about the option for a secret question which can be sent by mail to the admin?
Last edited by mvroosen (2010-11-10 17:38:23)