Allow a default user to change his password

[CoBC]

Currently, a "Default" user, which is not administrator, cannot change his password, he only can see his account but no change is available. A new user right should be add to allow any user to change his password, this should be configurable for each user account because it's not require for public accounts.

[bear101]

If users should be allowed to change passwords then passwords in tt5srv.xml file should be stored as sha-256

[kirill-jjj]

why not?

[tech10]

While I think encryption of stored passwords would be a good thing, I don't think this would necessarily be needed in order for a user to change their password. A default user can only see themselves in the user list. And, as they have their own password already, seeing it for their own account, then changing it, wouldn't compromise security in any way.

If a user compromised another users account, then changed its password, the user who compromised the account would still need the password to log in. This would be the case whether or not a user account password was encrypted in the configuration file.

I don't believe this is a backward incompatible change, it could be added at any time.

[amirmahdifard]

guys, this is so useful. if you do this, then users doesn't need admin to change password

[amirmahdifard]

@bear101 in tt5.12, you didn't do anything for the serverside yet: please also work on server side, here is some good suggestion for the server side: