Two security related changes.
1) Do not allow non admin types to change the email address. Not even users can change this since our authorization mechanism is strongly dependent on the email address. I do not expect this to be a problem; changing your email address should be a very rare event, so admin people can do it for users. Maybe not necessary, but I need to think about it some more. 2) Send email when user information is updated. Message is sent to the user and CC'ed to the testbed audit list. DO NOT CHANGE USER INFORMATION USING MYSQL! ALWAYS USE THE WEB INTERFACE!