Re: register and change email address -- Security bug
From: Davi Leal
Subject: Re: register and change email address -- Security bug
Date: Thu, 19 Apr 2007 11:21:37 +0200 (CEST)
Victor Engmark wrote:
> Davi Leal wrote:
> > Is it not clear that users can change their email? You just modify and
> > save, as in other job sites I use.
>
> Like with the password retrieval system, we have to make sure that this
> can't be used to detect who the users are. I propose that we use the same
> solution I've seen elsewhere (I believe Bugzilla implements it). It works
> like this: The user logs in and requests an email address change. The system
> then sends an email to that address, with a validation link, where the
> password has to be supplied in order to save the change. Now we can consider
> the scenarios:
>
> - If all goes well, the user just clicks the link, supplies the
> password, and our system changes the address of the user.
> - If the user has supplied an invalid email, nobody will get the
> email, and nothing changes. The user will not know whether the email had
> been registered at the site (privacy), and will not have any problems with
> password retrieval (safety).
> - If the user has supplied a valid email she doesn't have access to
> (whether it belongs to a user or not), the receiver can use the validation
> link, but doesn't have the password, so nothing is changed. I.e., you
> can't accidentally "give" your account to someone else.
> - If the user has supplied an email already belonging to a different
> user, and she (the submitter) has access to it, she will be notified that
> the operation cannot be done after the password has been validated on
> the validation page. This is safe since she has access to the email
> account, and we're therefore dealing with one person / company having
> multiple accounts. In this case, we could kindly suggest to the user to
> delete one of the accounts, and use the other, referring to the password
> retrieval page in case that's the reason the user created multiple accounts.
>
> I think this would be a very good solution for our users, making sure they
> never lose either their privacy or their accounts, while maintaining the
> uniqueness of the emails registered.
I think it is not only a change-email problem but also a register-user
one, because the new-user registration process also warns when that email
is already in the database.
Victor, maybe you have a similar idea to apply to the register-new-user
case?
Victor, could you add a new Savannah task for this?
Davi
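The change-email flow Victor describes above, as an added example that is not part of this thread or the project's own code: a minimal Python model in which the requester's response is identical whether or not the new address is registered, the mailed link is useless without the password, and the "already registered" notice is only given after both mailbox and password have been proven. The `USERS` and `PENDING` dicts and the `outbox` list are constructed stand-ins for the database and the mail system.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory stand-ins for the site's user table and pending requests
# (assumed for this example; not the project's real schema).
USERS = {}    # user_id -> {"email", "pw_hash", "salt"}
PENDING = {}  # token -> {"user_id", "new_email", "expires"}
TOKEN_TTL = 3600  # seconds a validation link stays usable

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_user(user_id, email, password):
    salt = secrets.token_bytes(16)
    USERS[user_id] = {"email": email.lower(), "pw_hash": _hash(password, salt), "salt": salt}

def request_email_change(user_id, new_email, outbox):
    """Step 1: a logged-in user asks to change the address. A token is always
    issued and 'mailed' to new_email, so the reply to the requester is identical
    whether or not that address is already registered (no account enumeration)."""
    token = secrets.token_urlsafe(32)
    PENDING[token] = {"user_id": user_id, "new_email": new_email.lower(),
                      "expires": time.time() + TOKEN_TTL}
    outbox.append((new_email.lower(), token))  # stands in for sending the link
    return None

def confirm_email_change(token, password):
    """Step 2: whoever received the link must also supply the account password.
    Returns 'invalid_token', 'bad_password', 'already_registered' or 'changed'."""
    entry = PENDING.get(token)
    if entry is None or entry["expires"] < time.time():
        PENDING.pop(token, None)
        return "invalid_token"
    user = USERS[entry["user_id"]]
    if not hmac.compare_digest(_hash(password, user["salt"]), user["pw_hash"]):
        return "bad_password"  # mailbox access alone cannot take over the account
    # Only after both mailbox and password are proven do we reveal a collision.
    taken = any(uid != entry["user_id"] and u["email"] == entry["new_email"]
                for uid, u in USERS.items())
    PENDING.pop(token)  # a link is single use once the password checks out
    if taken:
        return "already_registered"
    user["email"] = entry["new_email"]
    return "changed"
```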