Forum OpenACS Development: Re: Policy on changing username

Posted by Raad Al-Rawi on
I think the options depend on whether we are talking about a username or email address being used as the identifier.

If it's an email address (as currently), it would seem sensible (even essential) to allow all/any user to change it, and I would strongly consider re-authenticating in this case (i.e. email verification) to safeguard against mistakes. Of course, the system should check first to see if that address is already in use!

If it's a username (presumably tied to an email address), I see it as less of an issue - check the username is not already used, and let any user change it.