author Joey Hess <joeyh@joeyh.name> 2015-05-14 10:41:07 -0400
committer Joey Hess <joeyh@joeyh.name> 2015-05-14 10:41:07 -0400
commit f1f3d4c6e724c2f4c1056dd43460766f7c483965
tree 911db0e15f2e2da18ef548a8df5ddcf2c7598800 /doc/todo
parent 4fc4e78cd87926cd0f5e4a221ea6cf2c3ab0bb95
update re passwordauth @
Diffstat (limited to 'doc/todo')
-rw-r--r-- doc/todo/emailauth.mdwn 2
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/todo/emailauth.mdwn b/doc/todo/emailauth.mdwn
index aac2c988e..88096bee1 100644
--- a/doc/todo/emailauth.mdwn
+++ b/doc/todo/emailauth.mdwn
@@ -62,7 +62,7 @@ Implementation notes:
Otherwise, someone could use passwordauth to register as a username that
looks like an email address, which would be confusing to possibly a
security hole. Probably best to keep passwordauth and emailauth accounts
- entirely distinct.
+ entirely distinct. Update: passwordauth never allowed `@` in usernames.
* Currently, subscription to comments w/o registering is handled by
passwordauth, by creating a passwordless account (making up a username,
not using the email address as the username thankfully). That account can be
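Review bot: The "Update:" sentence on the `+` line is appended after a concern that is still worded as open ("someone could use passwordauth to register as a username that looks like an email address"), so the bullet now states both a risk and that the risk cannot occur. Suggest rewording the bullet so the concern reads as resolved, and saying explicitly that keeping passwordauth and emailauth accounts distinct relies on passwordauth continuing to reject `@` in usernames, so a later change to username validation is recognised as security-relevant. While touching this paragraph, the context line "confusing to possibly a security hole" looks like a typo for "confusing or possibly a security hole".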