[Midas] Problem with password reset
Michael Grauer
michael.grauer at kitware.com
Mon May 16 12:39:26 EDT 2011
Hi Andrea,
Thanks for bringing this problem to our attention.
At present time, there is no parameter to turn this behavior off.
If you would like to change this on your own Midas installation, look in the
file "user_controller.php" in the $midasroot/midas/controllers directory on
your webserver, then comment out or delete the line "echo $text;" at the end
of "function recoverpassword()".
On Sat, May 14, 2011 at 4:29 AM, a.parodi at dicomfly.com <
a.parodi at dicomfly.com> wrote:
> Hi, we are trying to install Midas on our server, in order to deploy a
> DICOM images repository.
>
> We got some problem with the password reset feature. The system
> ask for an email address in order to reset the password.
> We expected that the new password would be sent to the address
> specified, but it is also showed in the browser!
>
> In this way, anyone who knows the mail address of a user could reset
> it's password and take control of the user account.
>
> We think that visualization of the password in the browser can be disabled
> with some parameters, but we can't find which.
>
> Could you provide some help.
>
> thanks in advance
>
> Andrea Parodi
> _______________________________________________
> Midas mailing list
> Midas at public.kitware.com
> http://public.kitware.com/cgi-bin/mailman/listinfo/midas
>
--
Thanks,
Michael Grauer
R & D Engineer
Kitware, Inc.
919 969 6990 x322
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://public.kitware.com/pipermail/midas/attachments/20110516/c11bae81/attachment.html>
More information about the Midas
mailing list