Ok, thanks for the explanation, I'm used to a system where the verification mail is a one time
login, so at that moment you assign the password you preffer.... but the way you explain
CQPWeb works it is fine for me, now that I have that clear<br /><br />Thanks and sorry!<br
/><br /><br />El Mar, 13 de Febrero de 2018, 19:00, Hardie, Andrew escribió:<br /> <!--
begin sanitized html --> <br />
<div class="bodyclass"><br />
<div class="WordSection1"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Hi
Andrés,</span>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">
</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">I
am very confused – if you are creating accounts for people, but not telling
them the username/password, how do you expect them to<br /> log in? </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">
</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Anyway,
onto the main point -- The purpose of the verification email is not to provide the user with a
log-in link, it’s to require<br /> the system to verify that the email
address is real and not mis-typed or entered by someone other than the owner of that email
account. If you are sure you’ve entered the correct email address into the
form when creating the account, there is no reason to<br /> send a verification email.
</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">
</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">The
idea of having an initial login/reset password link sent after signup is appealing from the
POV of usability, but not of security.<br /> Such a link would be the equivalent of both
username and password (since it contains all that is needed to log in) being sent by
possibly-insecure email. By contrast, a verification link email does not contain either a
username or password equivalent. The<br /> recipient of the email still needs information
that only the genuine user will have. It is thus more secure to send by email. A malefactor
who intercepts a verification email doesn’t gain the ability to log in as
the victim.<br /> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">
</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Obviously
if you are emailing passwords to people this is not a concern for you, (likewise if a server
is running on HTTP rather than<br /> HTTPS there are much easier hacking-possibilities) but I
have learned not to make assumptions about how much security different server admins would
like to have…</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">
</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">best<br
/> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">
</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Andrew.</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1F497D;mso-fareast-language:EN-US">
</span></p>
<p class="MsoNormal"><strong><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
lang="EN-US">From:</span></strong><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif" lang="EN-US">
cwb-bounces@sslmit.unibo.it [mailto:cwb-bounces@sslmit.unibo.it]<br /> <strong>On Behalf Of
</strong>"Andrés Chandía"<br /> <strong>Sent:</strong> 12
February 2018 16:28<br /> <strong>To:</strong> cwb@sslmit.unibo.it<br />
<strong>Subject:</strong> [CWB] Little gap on account created by admin</span></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Hi there, I have created an account for a user and at the "Send
verification email? " I have selected "Yes, send a verification email.<br /> The
process goes well and if the user click on the activation link it succeeds, but the user is
sent to the login dialog where he is asked for the username and password, but these data is
not known by the user because the admin was who created the account,<br /> who assigned a
username and a password. So everytime I've been requested for an account the user has sent me
back a mail saying he's not able to access and that he does not (obviously) knows the username
or password to access, so I have to reassign a password<br /> and communicate to the user by
mail the username and password...<br /> <br /> Wouldn't be easier that when the user click on
the activation link he gets logged in automatically and from then on he would be requested to
change/assign a password to his user?<br /> <br /> Thanks<br /> <br />
_______________________<br /> andrés chandía<br /> <a
href="http://www.chandia.net" title="Este enlace externo se abrirá en una nueva ventana"
target="_blank"><span style="text-decoration:none"><img id="_x0000_i1025"
src="../images/spacer.png" alt="chandia.net" border="0" /></span></a><a
href="https://twitter.com/chandianet" title="Este enlace externo se abrirá en una nueva
ventana" target="_blank"><span style="text-decoration:none"><img
style="width:.2083in;height:.2083in" id="_x0000_i1026" src="../images/spacer.png" width="20"
height="20" border="0" alt="" /></span></a><br /> <a
href="http://chandia.net/content/dungupeyem" title="Este enlace externo se abrirá en una nueva
ventana" target="_blank">Dungupeyem</a> |<br /> <a href="http://chandia.net/content/iecmap"
title="Este enlace externo se abrirá en una nueva ventana" target="_blank"><br /> IECMap</a> |
<a href="http://chandia.net/content/isecmap" title="Este enlace externo se abrirá en una nueva
ventana" target="_blank"><br /> ISECMap</a> | <a href="http://chandia.net/content/nmt"
title="Este enlace externo se abrirá en una nueva ventana" target="_blank"><br /> NMT</a> | <a
href="http://corlexim.cl" title="Este enlace externo se abrirá en una nueva ventana"
target="_blank"><br /> Corlexim</a><br /> <br /> administrador de:<br /> <a
href="http://parles.upf.edu" title="Este enlace externo se abrirá en una nueva ventana"
target="_blank">Parles.upf</a> |<br /> <a href="https://iwch.upf.edu" title="Este enlace
externo se abrirá en una nueva ventana" target="_blank"><br /> IWCH</a> | <a
href="http://amindterapia.com" title="Este enlace externo se abrirá en una nueva ventana"
target="_blank"><br /> Amind terapia</a> | <a href="http://koyaktumapuche.net" title="Este
enlace externo se abrirá en una nueva ventana" target="_blank"><br /> ONG Mapuche koyaktu</a>
| <a href="http://parles.upf.edu/llocs/nocando" title="Este enlace externo se abrirá en una
nueva ventana" target="_blank"><br /> Nocando</a> | <a href="https://iac.upf.edu" title="Este
enlace externo se abrirá en una nueva ventana" target="_blank"><br /> IAC</a> | <a
href="https://iac.upf.edu/cddz" title="Este enlace externo se abrirá en una nueva ventana"
target="_blank"><br /> CddZ</a> | <a href="https://iac.upf.edu/isac" title="Este enlace
externo se abrirá en una nueva ventana" target="_blank"><br /> ISAC</a> | <a
href="https://catcg.upf.edu" title="Este enlace externo se abrirá en una nueva ventana"
target="_blank"><br /> CatCg</a><br /> <span
style="font-size:18.0pt;font-family:Webdings;color:#4F6228">P</span> <span
style="font-size:10.0pt;color:#4F6228"><br /> No imprima innecesariamente. ¡Cuide
el medio ambiente!</span> </p>
</div>
<br /> </div>
<br /> <br /> <!-- end sanitized html --> <br /><br /><br />_______________________<br />
andrés
chandía<br /><a href="http://www.chandia.net" target="_blank"><img
src="http://mail.chandia.net/images/chandia_net.png" alt="chandia.net" border="0" /></a> <a
href="https://twitter.com/chandianet" target="_blank"><img
src="http://mail.chandia.net/images/ico_tw.png" width="20" height="20" alt="" /></a><br /><a
href="http://chandia.net/content/dungupeyem" title="Analizador y generador mofológico de
mapudungun">Dungupeyem</a> | <a href="http://chandia.net/content/iecmap" title="Interfaz de
explotación de corpus del mapudungun">IECMap</a> | <a
href="http://chandia.net/content/isecmap" title="Interfaz sencilla de explotación de corpus
del mapudungun">ISECMap</a> | <a href="http://chandia.net/content/nmt" title="Unificador
ortogràfico de mapudungun">NMT</a> | <a href="http://corlexim.cl" title="Corpus lexicográfico
de mapudungun">Corlexim</a><br /><br />administrador de:<br /><a
href="http://parles.upf.edu">Parles.upf</a> | <a href="https://iwch.upf.edu">IWCH</a> | <a
href="http://amindterapia.com">Amind terapia</a> | <a href="http://koyaktumapuche.net">ONG
Mapuche koyaktu</a> | <a href="http://parles.upf.edu/llocs/nocando">Nocando</a> | <a
href="https://iac.upf.edu">IAC</a> | <a href="https://iac.upf.edu/cddz">CddZ</a> | <a
href="https://iac.upf.edu/isac">ISAC</a> | <a href="https://catcg.upf.edu">CatCg</a><br
/><span style="font-size: 18pt; color: rgb(79, 98, 40); font-family: Webdings;">P</span> <span
style="font-size: 10pt; color: rgb(79, 98, 40);">No imprima innecesariamente. ¡Cuide el
medio ambiente!</span>