[feature-proposal] Forgot password improvements

Rodrigo Souto rodrigo at colivre.coop.br
Wed Nov 13 18:58:59 BRST 2013


Ok, I'll try to summarize the proposals so that we can decide (after all we
still have a feature to develop). I tried to list them as simply as
possible, with the counterarguments to each one as simple as possible
too. If I missed anything please add it.

[rodrigo]: Select for the user to choose which field he wants to use as
           confirmation. This solution was considered to have a poor
           user interface.

[daniel]: No select field and only the text field, with the available
          fields as label, which automatically searches through every
          field. This solution was susceptible to conflict (match 2 or
          more users).

[ewout]: Same as daniel, considering that the usability gain is worth
         the extra email sent to users that didn't ask for it. This was
         considered to be unfriendly to the user that receives an email
         without asking.

[hugo]: Same as daniel, but dealing with the conflict by showing the
        user the matched users for him to choose which one is him. This
        was considered to have information leakage.

[aurium]: Same as daniel, but the admin defines which fields would be
          searched for. This was considered bad since the admin would
          like to allow every field that is defined by the enabled
          plugins.

Captcha and rate-limit solutions were also proposed, but these would not
fit in the available resources for the feature.

For the sake of decision, I recommend we use the Schulze method, that is,
just list the proposals in the order you like the most, as a reference of
the relevance of each proposal, and the final decision goes to me and
Ewout, as developer and client, to reach a consensus.

Regardless of all the suffering, troubles and possible bikeshedding, at
least this might as well serve as a small experiment for future feature
decisions on the list.
-- 
Rodrigo Souto <rodrigo at colivre.coop.br> :: 55 71 8131-7714
Colivre - Cooperativa de Tecnologias Livres
http://www.colivre.coop.br/
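
Added example, not part of the original message and not Noosfero code: a sketch of the single-text-field lookup discussed above, showing the multi-match conflict and why listing the matched users leaks information. The `User` struct, the field names, the sample users and the choice to send nothing on an ambiguous match are assumptions made for illustration.

```ruby
# Constructed sample data; field names are hypothetical, not Noosfero's schema.
User = Struct.new(:login, :email, :phone)

USERS = [
  User.new("ana",   "ana@example.org",   "5550001"),
  User.new("bruno", "bruno@example.org", "5550002"),
  User.new("carla", "carla@example.org", "5550002") # shares a phone with bruno
].freeze

SEARCH_FIELDS = %i[login email phone].freeze
GENERIC_NOTICE = "If that value matches an account, reset instructions " \
                 "were sent to its e-mail.".freeze

# Every user for whom at least one searchable field equals the typed value.
def matching_users(value, users = USERS)
  needle = value.to_s.strip.downcase
  return [] if needle.empty?
  users.select { |u| SEARCH_FIELDS.any? { |f| u[f].to_s.downcase == needle } }
end

# Returns [notice, recipients]. The notice is identical for 0, 1 or many
# matches, so the response does not reveal who matched. Mail is sent only
# on a unique match (assumption: an ambiguous value sends nothing).
def request_reset(value, users = USERS)
  matches = matching_users(value, users)
  recipients = matches.size == 1 ? [matches.first.email] : []
  [GENERIC_NOTICE, recipients]
end

# The variant that shows the matches so the requester can pick one:
# the returned logins are exactly what an anonymous requester learns.
def request_reset_listing_matches(value, users = USERS)
  matching_users(value, users).map(&:login)
end
```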