afuna: Cat under a blanket. Text: "Cats are just little people with Fur and Fangs" (Default)
afuna ([personal profile] afuna) wrote in [site community profile] changelog2010-02-16 03:10 pm
  • Add Memory
  • Share This Entry

[dw-free] remove insecure password reset option

[commit: http://hg.dwscoalition.org/dw-free/rev/9323f181bcb6]

http://bugs.dwscoalition.org/show_bug.cgi?id=2307

Remove documentation pointing to the (previously removed, currently
nonexistent) insecure password reset option.

Patch by [staff profile] denise.

Files modified:
  • cgi-bin/LJ/ConfCheck/General.pm
  • doc/raw/build/ljconfig/ljconfig2db.pl
--------------------------------------------------------------------------------
diff -r 32841e6285f5 -r 9323f181bcb6 cgi-bin/LJ/ConfCheck/General.pm
--- a/cgi-bin/LJ/ConfCheck/General.pm	Sun Feb 14 13:42:14 2010 +0000
+++ b/cgi-bin/LJ/ConfCheck/General.pm	Tue Feb 16 15:09:47 2010 +0000
@@ -815,7 +815,6 @@ my %bools = (
              "OPENID_STATELESS" => "Speak stateless OpenID.  Slower, but no local state needs to be kept.",
              "ONLY_USER_VHOSTS" => "Don't allow www.* journals at /users/ and /~ and /community/.  Only allow them on their own user virtual host domains.",
              "USERPIC_MOGILEFS" => "Store userpics on MogileFS.",
-             "SECURE_PASSWORD_RESET" => "If enabled, do not email passwords in the clear from lostinfo.bml.  Instead, email a reset request that requires the user to follow the link which then generates a new password for their account.",
              "USE_INNODB" => "Create new tables as InnoDB.",
              "CONCAT_RES" => "Instruct Perlbal to concatenate static files on non-SSL pages",
              "CONCAT_RES_SSL" => "Instruct Perlbal to concatenate static files on SSL pages",
diff -r 32841e6285f5 -r 9323f181bcb6 doc/raw/build/ljconfig/ljconfig2db.pl
--- a/doc/raw/build/ljconfig/ljconfig2db.pl	Sun Feb 14 13:42:14 2010 +0000
+++ b/doc/raw/build/ljconfig/ljconfig2db.pl	Tue Feb 16 15:09:47 2010 +0000
@@ -72,9 +72,6 @@ my %ljconfig =
             },
             'require_talkhash_notold' => {
                     'desc' => "If [ljconfig[require_talkhash]] is on, also make sure that the talkhash provided was issued in the past two hours.  Defaults to off.",
-            },
-            'secure_password_reset' => {
-                    'desc' => "If enabled, do not &email; passwords in the clear from <filename>lostinfo.bml</filename>. Instead, &email; a link that allows the user to reset their password. The link authorizes the user to use <filename>changepassword.bml</filename>, without an old password.",
             },
             'talk_abort_regexp' => {
                     'desc' => "Regular expression which, when matched on incoming comment bodies, kills the comment.",
--------------------------------------------------------------------------------