[OWASP-ESAPI] Authenticator misses a method to change the user's password
lists at dawes.za.net
Thu Jan 31 08:36:18 EST 2008
It seems that the Authenticator is missing methods to modify various
attributes of the user, such as the password, or roles.
Note that these methods may be existing in User, but there is no support
for persisting those changes to the backend.
Note that the *implementation* of IAuthenticator has a public
saveUsers() method (which I'd like to make protected), however there is
no such method in the *interface* itself.
It seems to me that we should have additional methods:
changePassword(String username, String password1, String password2);
changeRoles(String username, String roles);
More information about the OWASP-ESAPI