Our core technical people have a meeting each month to discuss new implementations, merge pull-requests and view open issues. Last meeting in December, while reviewing the pull-requests we came across an implementation of Jeroen Desloovere about notifying profiles, see #971.
His changes would affect the way you can edit profiles in the backend. It adds new settings which allow an admin and the profile to get notified when a profile changes. A nice new feature!
During the review we stumbled into a new discussion about the functionality of changing passwords of a profile in the backend. Some argued it would be enough if you could reset a password. In this way the administrator would never know the password of a profile which is a very nice security principle.
What do you think, should an administrator be able to edit a password? Or just have the ability to do a reset?
Read More