diff options
author | Joey Hess <joeyh@joeyh.name> | 2015-05-14 10:41:07 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2015-05-14 10:41:07 -0400 |
commit | f1f3d4c6e724c2f4c1056dd43460766f7c483965 (patch) | |
tree | 911db0e15f2e2da18ef548a8df5ddcf2c7598800 /doc/todo | |
parent | 4fc4e78cd87926cd0f5e4a221ea6cf2c3ab0bb95 (diff) | |
download | ikiwiki-f1f3d4c6e724c2f4c1056dd43460766f7c483965.tar ikiwiki-f1f3d4c6e724c2f4c1056dd43460766f7c483965.tar.gz |
update re passwordauth @
Diffstat (limited to 'doc/todo')
-rw-r--r-- | doc/todo/emailauth.mdwn | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/todo/emailauth.mdwn b/doc/todo/emailauth.mdwn index aac2c988e..88096bee1 100644 --- a/doc/todo/emailauth.mdwn +++ b/doc/todo/emailauth.mdwn @@ -62,7 +62,7 @@ Implementation notes: Otherwise, someone could use passwordauth to register as a username that looks like an email address, which would be confusing to possibly a security hole. Probably best to keep passwordauth and emailauth accounts - entirely distinct. + entirely distinct. Update: passwordauth never allowed `@` in usernames. * Currently, subscription to comments w/o registering is handled by passwordauth, by creating a passwordless account (making up a username, not using the email address as the username thankfully). That account can be |