A number of information items about an user is stored within the system.
The basic information is:
- the login identifier
- the password (or rather it's message digest)
- surname
- familiy name.
email addresses may also be interesting:
- to address (used for sending mail to the user)
- from address list, used to correlate incoming email messages with an user. Note that this list may not overlap for any two users in the system.
email addresses should be treted with apropriate care: displaying them to aonymous users should be avoidied at all costs (because of spambots). Privilege to view email addresses should be generally assigned to Registered user role but the adminstrator may decide to restrict further.
postal addresses for users are less frequently needed:
- street, building and suite
- city
- postal code
- state
Viewing of postal addresses should be Privilege protected, and restricted to the System administrator role by default.
The system administrator should be able to choose what information is required (except the obvious login and password) to activate the account. We are aiming for LDAP integration, and therefore it is not practical to allow system administrator to define additional information fields - this would require reconfiguring the LDAP server dynamically, or turning off schema checking which is not a good thing.