[feature-proposal] Forgot password improvements
Rodrigo Souto
rodrigo at colivre.coop.br
Wed Nov 13 18:58:59 BRST 2013
Ok, I try to summarize the proposal so that we can decide (after all we
still have a feature to develop). I tried to list them as simple as
possible with the counter arguments to each one as simple as possible
too. If I missed anything please add it.
[rodrigo]: Select for the user to choose which field he wants to use as
confirmation. This solution was considered to have a poor
user interface.
[daniel]: No select field and only the text field, with the available
fields as label, which automatic searches through every field.
This solution was susceptible to conflict (match 2 or more
users).
[ewout]: Same as daniel, considering that the usability gain is worth
the extra email sent to users that didn't asked to. This was
considered to be unfriendly to the user that receives an email
without asking.
[hugo]: Same as daniel, but dealing with the conflict by showing the
user the matched users for him to choose which one is him. This
was considered to have information leakage.
[aurium]: Same as daniel, but the admin defines which fields would be
searched for. This was considered bas since the admin would
like to allow every field that is defined by the enabled
plugins.
Was also proposed captcha and rate-limit solutions but these would not
fit in the available resources for the feature.
For the sake of decision, I recommend we use the Shulze method, that is
just list the proposals in the order you like the most, as reference of
relevance of each proposal and the final decision goes to me and Ewout,
as developer and client, to reach a consensus.
Regardless all the suffering, troubles and possible bikeshedding, at
least this might as well serve as a small experiment of feature future
decisions on the list.
--
Rodrigo Souto <rodrigo at colivre.coop.br> :: 55 71 8131-7714
Colivre - Cooperativa de Tecnologias Livres
http://www.colivre.coop.br/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20131113/b7d7cf7c/attachment.pgp>
More information about the Noosfero-dev
mailing list