Forum OpenACS Q&A: Re: user-login/register "service" becoming subsite aware

The tricky part is, if you've set some security settings for registration, such as password expiration, on the main site, and then make registration subsite-aware, anyone with subsite admin can lower the general level of security on the site.

Anyway, what we have done for 5.0 is move a number of the security-related parameters over to acs-kernel, though not all of them, and generally redirect you to the login page of the current subsite to assist with theming.

However, tackling the full problem is out of scope for 5.0.

If you want to push this, I encourage you to talk with Frank Nikolajsen, who has expressed interest in this issue, and put together a more complete proposal, along with drawbacks and security issues, and post that as a TIP for the next release.

Thanks for your suggestion, though.

I'm going to close out the bug until we have a TIP decision. :)