Authentication Failure --> Re-Enable

Daniel Atallah datallah at pidgin.im
Sat Feb 13 17:04:57 EST 2010


On Sat, Feb 13, 2010 at 15:22, Dan Mahoney, System Admin
<danm at prime.gushi.org> wrote:
> On Sat, 13 Feb 2010, Daniel Atallah wrote:
>
>> I only see two real issues ("In-memory password not cleared on auth.
>> failure" and "Password field is enabled, but doesn't do anything when
>> passwords aren't being saved") which are not related, so they should
>> be separate tickets.
>
> The question then on that #1 is: should the enhancement request be to clear
> the in-memory password only if there's not one saved?  What should be the
> action if there IS one saved?  To edit the account, yes?  At which point
> you're on the same dance as before.  (You still won't auto-reconnect, you'll
> still have that dialog dismissed).

If you do have the password saved, presumably you didn't type it wrong
(once you've gotten it right initially).
There are certainly cases where you could have had it right at one
time and then changed it elsewhere, but none that I can think of are
likely to be a frequent occurrence.
My opinion on stuff like this is that it is not worthwhile to make
stuff more complicated in order to make exception cases easier.

If you do have a use-case where you would have an account frequently
disabled, then we should think about that particular case - the root
problem may (like this case) be elsewhere.

> The question on #2 is: is the correct action to disable the field, or have
> it used for the in-memory password only, but not written out to disk?
>
> (Or should I not note a specific fix, and just note the problem and leave
> the correct fix up to the developers?)

I would note the problem as the primary reason for the ticket, but I
would also include any input or proposed solutions as they are
certainly welcome and often helpful.

-D



More information about the Support mailing list