[openstreetmap/openstreetmap-website] Require current password before accepting a new password (#2144)

Tom Hughes notifications at github.com
Thu Feb 14 22:35:52 UTC 2019


If people leave a logged in account where other people can use it then it's pretty much game over anyway so I don't see this as a major issue. I won't object if somebody want to change it, but it will be hard to do as things stand.

You would also have to stop people changing the social login provider, or adding a new one, or adding a password to an account that didn't have one and that would be even harder as you'd have to revalidate the social login (and hope they hadn't also left google/facebook/whatever logged in as well).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/2144#issuecomment-463830438
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20190214/b807a543/attachment.html>


More information about the rails-dev mailing list