[rt-users] Autogenerating a password for requestors
Tom Lahti
toml at bitstatement.net
Thu May 7 16:00:46 EDT 2009
>> # CHANGED NEXT 3 LINES TO TEST REQUESTOR INSTEAD OF CREATOR
>> # SO THAT WILL EMAIL REQUESTOR A PASSWORD WHEN STAFF CREATES
>> # THE TICKET IN WEB INTERFACE
>
> Worked like a charm, thanks a lot!
Yikes! If I called someone and made a request via the phone and they
emailed a password for some system I'd never heard of, I'd probably flag it
as spam. I sure as heck wouldn't log into it, because (a) I don't know if
it really came from them, (b) I don't know what this system does -- XSS
attack, anyone? (c) the password was just emailed across the net in clear
text. Oi vay.
On the other hand, if I made the request via email, I might totally expect
to get a autoreply via email, but I'd still want my new password encrypted.
Perhaps RT can discover attached GPG/PGP keys and add them to a user's
record at autocreate? Now that would be awesome.
--
-- ============================
Tom Lahti
BIT Statement LLC
(425)251-0833 x 117
http://www.bitstatement.net/
-- ============================
More information about the rt-users
mailing list