After playing around for a while with the Beta 1.5, I have some concerns about the new protection model, and it appears to me as over-protected.
First I will make clear that I am thankful for all the work the developers are putting in ZC and that this is in no way an attack but just some considerations that may or may not appeal to other users.
While I never used credit cards and do not intend to use them in the future, I see the fixed password renewal period of 90 days as very restrictive.
I am not against this forced renewal but 90 days is too short and an adjustable period should be appreciated.
It gives a high load maintaining double passwords (user/super user) for multiple stores.
I always used the admin-profiles addon to clean up the admin from unused menu items to keep it usable on lower screen resolutions and not for additional users.
In the new implementation I am forced to create a second user to get this behaviour, meaning I have to remember a second username/password multiplied by the number of stores that has to be renewed every 90 days.
(I think my most visited page will be 'password forgotten' in the future.)
So a config setting for this PA-DSS (on/off) and password renewal time (90-365) would be appreciated.
Also making the profile of the super-user editable would make sense to me.
In all those years I never locked myself out by changing the profile and some self-discipline may be expected from the users.
(Do you refuse to teach your kid how to walk just because of the risk that he could fall?)