aboutsummaryrefslogtreecommitdiff
path: root/doc/todo
diff options
context:
space:
mode:
authorJoey Hess <joeyh@joeyh.name>2015-05-13 23:42:34 -0400
committerJoey Hess <joeyh@joeyh.name>2015-05-13 23:42:34 -0400
commit369bfd45cc0d923a6903ea24b8a65091c12d930c (patch)
tree7aade508cb6fce62a2a32c23beab952064c365ae /doc/todo
parentcfb2c22906f41d4a4dd1c3404e8e430a35c1cd41 (diff)
downloadikiwiki-369bfd45cc0d923a6903ea24b8a65091c12d930c.tar
ikiwiki-369bfd45cc0d923a6903ea24b8a65091c12d930c.tar.gz
close
Diffstat (limited to 'doc/todo')
-rw-r--r--doc/todo/emailauth.mdwn9
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/todo/emailauth.mdwn b/doc/todo/emailauth.mdwn
index fa1995712..aac2c988e 100644
--- a/doc/todo/emailauth.mdwn
+++ b/doc/todo/emailauth.mdwn
@@ -103,3 +103,12 @@ Thoughts anyone? --[[Joey]]
> I had looked at something like this before, through [[todo/indyauth_support]] - which basically turned out to outsource their own auth to http://intridea.github.io/omniauth/ and http://indiewebcamp.com/RelMeAuth...
>
> But it seems to me that your proposal is basic "email opt-in".. the one impact this has on (drupal) sites i know is that spammers use even those forms to send random emails to users. it's weird, but it seems that some bots simply try to shove victim's emails into forms with the spam data as they can and hope for the best... it seems this could be vulnerable as well... - [[anarcat]]
+
+>> Implemented now. [[done]]
+>>
+>> Only thing that we might want to revisit sometime is that the email address
+>> is used in git commits. While it won't be displayed on any static wiki
+>> pages (AFAICS), spammers could find it in the git commit log.
+>>
+>> Of course, spammers can troll git repos for emails anyway, so maybe
+>> this is fine. --[[Joey]]