gnuherds-app-dev

Re: user ID: email vs OpenID vs public/private keys


From: Victor Engmark
Subject: Re: user ID: email vs OpenID vs public/private keys
Date: Thu, 19 Apr 2007 09:47:48 +0200

On 4/18/07, Davi Leal <address@hidden> wrote:
> Victor Engmark wrote:
> > By the way, we should implement some way to change the email address. For
> > that reason, it should not be (part of) the primary key in any of our
> > tables (I'm too lazy to check this now).
>
> You can see that the entity is identified by E1_Id. So, the entity (person, company
> or non-profit) can change its email just by modifying it and saving. The webapp
> also checks that when you change your email you are not using one owned by
> another entity.
>
> Is it not clear that users can change their email? You just modify and save, as
> in other job sites I use.

Like with the password retrieval system, we have to make sure that this can't be used to detect who the users are. I propose that we use the same solution I've seen elsewhere (I believe Bugzilla implements it). It works like this: The user logs in and requests an email address change. The system then sends an email to that address, with a validation link, where the password has to be supplied in order to save the change. Now we can consider the scenarios:
I think this would be a very good solution for our users, making sure they never lose either their privacy or their accounts, while maintaining the uniqueness of the emails registered.

--
Victor Engmark
Quidquid latine dictum sit, altum videtur - What is said in Latin, sounds profound
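
The email-change flow proposed in this message, sketched as an added example (it is not part of the original post and is not GNU Herds code). The `Accounts` class, `SERVER_KEY`, the `E1_Id|email|expiry|mac` token layout and the notice sent to an already-registered address are assumptions made for illustration; the signed, expiring token goes beyond what the message specifies.

```python
import hashlib, hmac, secrets, time
SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment signing secret
TOKEN_TTL = 3600                      # assumption: validation links live one hour
SAME_REPLY = "If that address can be used, a validation link was sent to it."

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
def sign(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

class Accounts:
    """In-memory stand-in for the entity table: keyed by E1_Id, email is mutable."""
    def __init__(self):
        self.rows = {}    # E1_Id -> {"email", "salt", "pw"}
        self.outbox = []  # (recipient, text) pairs standing in for real mail

    def add(self, e1_id, email, password):
        salt = secrets.token_bytes(16)
        self.rows[e1_id] = {"email": email, "salt": salt, "pw": pw_hash(password, salt)}

    def taken(self, email, except_id):
        return any(r["email"] == email for i, r in self.rows.items() if i != except_id)

    def request_change(self, e1_id, new_email, now=None):
        """Logged-in user asks for a change; the reply is identical either way."""
        if self.taken(new_email, e1_id):
            # Assumption: the address owner is told, the requester learns nothing.
            self.outbox.append((new_email, "An account tried to claim this address."))
        else:
            body = f"{e1_id}|{new_email}|{int(now or time.time()) + TOKEN_TTL}"
            self.outbox.append((new_email, f"{body}|{sign(body)}"))
        return SAME_REPLY

    def confirm_change(self, token, password, now=None):
        """Handler behind the validation link: token plus the account password."""
        body, _, mac = token.rpartition("|")
        if not hmac.compare_digest(mac.encode(), sign(body).encode()):
            return False
        e1_id, rest = body.split("|", 1)
        new_email, expiry = rest.rsplit("|", 1)
        row = self.rows.get(int(e1_id))
        if row is None or int(now or time.time()) > int(expiry):
            return False
        if not hmac.compare_digest(pw_hash(password, row["salt"]), row["pw"]):
            return False
        if self.taken(new_email, int(e1_id)):  # re-check uniqueness at save time
            return False
        row["email"] = new_email
        return True
```

The stored email changes only after the link is followed and the password matches, so a typo in the new address cannot lock the user out, and the web reply alone does not reveal whether an address is registered.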