[Zope] Securing acl_users change password forms

Dieter Maurer dieter@handshake.de
Sun, 27 Jan 2002 19:29:42 +0100


Adam Manock writes:
 > Problem:
 > 
 > Allowing users who have no rights to the Zope management interface to 
 > change their own passwords using a dtml method that collects at least the 
 > following from the user:
 > 
 > Old Password
 > New Password
 > Confirm New Password
 > ... stock "acl_users" requires source modification ...

The API for "AccessControl.User.User" is horrific.

   When you need to change something (I think you need to),
   I would add a new method
   "changePassword" that does what you want.


Dieter
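
A sketch of the kind of "changePassword" method suggested above, taking the three form fields from the question. This is an added example, not code from the post or from Zope. DemoUser is a hypothetical stand-in that does not use the AccessControl.User.User API, and the salted PBKDF2 storage and the returned messages are assumptions.

```python
import hashlib
import hmac
import os


class DemoUser:
    """Hypothetical user record; NOT Zope's AccessControl.User.User."""

    def __init__(self, name, password):
        self.name = name
        self._store(password)

    @staticmethod
    def _derive(password, salt):
        # Salted, slow hash so the stored value is not the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50000)

    def _store(self, password):
        self._salt = os.urandom(16)
        self._hash = self._derive(password, self._salt)

    def authenticate(self, password):
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(self._derive(password, self._salt), self._hash)

    def changePassword(self, authenticated_name, old, new, confirm):
        """Self-service change: needs no management rights, only proof of
        the old password. Returns (ok, message)."""
        # The caller may only change the account they are logged in as.
        if authenticated_name != self.name:
            return False, "not your account"
        # Re-check the old password so a hijacked session cannot reset it.
        if not self.authenticate(old):
            return False, "old password incorrect"
        if new != confirm:
            return False, "confirmation does not match"
        if not new or new == old:
            return False, "new password must be non-empty and differ from old"
        self._store(new)
        return True, "password changed"


if __name__ == "__main__":
    user = DemoUser("adam", "old-secret")  # constructed sample account
    print(user.changePassword("adam", "old-secret", "new-secret", "new-secret"))
```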