I have noticed two issues in administrative management of users that could cause problems. Specifically, actions that users could take with their account that could maliciously cause issues.
First, while users are sent a password to their email upon registration to ensure a valid email address (great feature), there is nothing that prevents them from immediately changing the valid address in their profile to a fake address. Not only does the admin have no way to retrieve the correct address, this could enable someone to hijack another person’s identity (say by pretending to be a well recognized blogger, seemingly verified by having that blogger’s same email). This could be solved by emailing a new password to the new address upon change and immediately logging the user out until retrieval of that password.
Secondly, while each user has a unique username, there is nothing that prevents multiple users from electing to be publicly identified by the same name (i.e. nonunique first and last names). Perhaps a system could be developed that locks public names once in use by a user, thus preventing other users from using the same name.
- The topic ‘User Deficiencies’ is closed to new replies.
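
The two changes proposed in the post above, sketched as an added example that is not part of the original post or of the project's code. `UserStore` and its method names are hypothetical, the outbox stands in for sending mail, and keeping the previous address and normalizing case and whitespace in public names are assumptions that go beyond what the post asks for.

```python
import hashlib, hmac, secrets, unicodedata

class DisplayNameTaken(Exception):
    pass

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class UserStore:
    """In-memory stand-in for a user table (hypothetical, constructed for this example)."""
    def __init__(self):
        self.users = {}          # username -> record
        self.display_names = {}  # normalized public name -> owning username
        self.outbox = []         # (address, password) pairs "sent" by mail

    def register(self, username, email):
        self.users[username] = {"email": email, "previous_emails": [],
                                "sessions": set(), "salt": b"", "pw": b""}
        self._issue_password(username, email)

    def _issue_password(self, username, address):
        user = self.users[username]
        password = secrets.token_urlsafe(12)
        user["salt"] = secrets.token_bytes(16)
        user["pw"] = _hash(password, user["salt"])
        self.outbox.append((address, password))  # stands in for sending mail

    def login(self, username, password):
        user = self.users[username]
        if not hmac.compare_digest(_hash(password, user["salt"]), user["pw"]):
            return None
        token = secrets.token_hex(16)
        user["sessions"].add(token)
        return token

    def change_email(self, username, new_email):
        user = self.users[username]
        user["previous_emails"].append(user["email"])  # admin can still see the verified address
        user["email"] = new_email
        user["sessions"].clear()                       # log the user out everywhere
        self._issue_password(username, new_email)      # only the new inbox receives the password

    def set_display_name(self, username, name):
        key = unicodedata.normalize("NFKC", " ".join(name.split())).casefold()
        owner = self.display_names.setdefault(key, username)  # first user to claim it keeps it
        if owner != username:
            raise DisplayNameTaken(name)
        self.users[username]["display_name"] = name
```
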