What is the purpose of "User can change username"? In testing this, I see that the DNN value gets written back, anyhow. I thought there might be some security process for handling this (a confirming email sent to the user's email address) but it doesn't really appear to do anything if this field is tied to the DNN core value. Am I missing something?
Come to think of it, the idea of allowing a user to change their email address also has problems without some verification process. Suggestions?
|