aboutsummaryrefslogtreecommitdiff
path: root/doc/bugs
diff options
context:
space:
mode:
authorhttps://id.koumbit.net/anarcat <https://id.koumbit.net/anarcat@web>2014-09-15 16:27:44 -0400
committeradmin <admin@branchable.com>2014-09-15 16:27:44 -0400
commit63e58fa5906436190e024879a1ad6a6e605257d2 (patch)
treec0b5ac6c4894d1145247a5cb202cb61729134382 /doc/bugs
parent70bc1a2113e74d25f9d70d2e6d809565a3e8df06 (diff)
downloadikiwiki-63e58fa5906436190e024879a1ad6a6e605257d2.tar
ikiwiki-63e58fa5906436190e024879a1ad6a6e605257d2.tar.gz
first answer
Diffstat (limited to 'doc/bugs')
-rw-r--r--doc/bugs/notifyemail_fails_with_some_openid_providers.mdwn4
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/bugs/notifyemail_fails_with_some_openid_providers.mdwn b/doc/bugs/notifyemail_fails_with_some_openid_providers.mdwn
index dd5016619..91aeda453 100644
--- a/doc/bugs/notifyemail_fails_with_some_openid_providers.mdwn
+++ b/doc/bugs/notifyemail_fails_with_some_openid_providers.mdwn
@@ -89,3 +89,7 @@ Any other ideas? --[[anarcat]]
>>> willing to send notifications to a verified address?
>>>
>>> --[[smcv]]
+>>>
+>>>> hmm... true, that is a problem, especially for hostile wikis. but then any hostile site could send you such garbage - they would be spammers then. otherwise, you could ask the site manager to disable that account...
+>>>>
+>>>> this doesn't seem to be a very big security issue that would merit implementing a new verification mechanism, especially since we don't verify email addresses on accounts right now. what we could do however is allow password authentication on openid accounts, and allow those users to actually change settings like their email addresses. however, I don't think this should be blocking that functionality right now. --[[anarcat]]