author: smcv <smcv@web> 2014-07-04 06:18:04 -0400
committer: admin <admin@branchable.com> 2014-07-04 06:18:04 -0400
commit: 75b66e02bc151196364dea524b6076aa74f4d791 (patch)
tree: adaf3608e6788b3d393adb6d2d980ee8416d1935
parent: f36514d27f4975fcb38926f53b557c680cbb38fb (diff)
potential user-annoyance issue
-rw-r--r--  doc/bugs/notifyemail_fails_with_some_openid_providers.mdwn  22
1 file changed, 22 insertions, 0 deletions
diff --git a/doc/bugs/notifyemail_fails_with_some_openid_providers.mdwn b/doc/bugs/notifyemail_fails_with_some_openid_providers.mdwn
index 9ff36b98d..dd5016619 100644
--- a/doc/bugs/notifyemail_fails_with_some_openid_providers.mdwn
+++ b/doc/bugs/notifyemail_fails_with_some_openid_providers.mdwn
@@ -67,3 +67,25 @@ Any other ideas? --[[anarcat]]
> Note: it seems that my email *is* given by my OpenID provider, no idea why this is not working, but the fix proposed in my branch works. --[[anarcat]]
>> Note: this is one of two patches i need to apply at every upgrade. The other being [[can__39__t_upload_a_simple_png_image:_prohibited_by_allowed__95__attachments___40__file_MIME_type_is_application__47__octet-stream...]]. --[[anarcat]]
+
+>>> Is there any sort of check that the owner of the given email address
+>>> wants to receive email from us, or way for the owner of that email
+>>> address to stop getting the emails?
+>>>
+>>> With passwordauth, if someone maliciously subscribes my email
+>>> address to high-traffic pages or something (by using it as the
+>>> email address of their wiki login), I can at least use
+>>> password-recovery to hijack their account and unsubscribe myself.
+>>> If they're signing in with an OpenID not associated with my
+>>> email address and then changing the email address in the userdb
+>>> to point to me, I don't think I can do that.
+>>>
+>>> With OpenID, I think we're just trusting that the OpenID provider
+>>> wouldn't give us an unverified email address, which also seems
+>>> a little unwise.
+>>>
+>>> It might be better to give ikiwiki a concept of verifying an
+>>> email address (the usual send-magic-token flow) and only be
+>>> willing to send notifications to a verified address?
+>>>
+>>> --[[smcv]]
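Review bot: The proposal at the end of this hunk ("give ikiwiki a concept of verifying an email address ... and only be willing to send notifications to a verified address?") is left as a question, while the two paragraphs before it already establish the concrete risk: with OpenID the address in the userdb is whatever the provider or the user supplied, and the address owner has no password-recovery path to unsubscribe. It would read better as a stated recommendation, and it should say whether the verification gate is meant to apply to passwordauth accounts as well, since the hunk notes those also accept an unverified address at signup. The first paragraph also raises a second, independent mitigation ("way for the owner of that email address to stop getting the emails") that the proposal does not come back to; a one-line note that notification mails should carry an unsubscribe or opt-out mechanism even once verification exists would close that loop.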