Re: Security bug fix -- Ready for test

From: Davi Leal
Subject: Re: Security bug fix -- Ready for test
Date: Fri, 4 May 2007 01:34:46 +0200
User-agent: KMail/1.9.5

Close the tasks:

As usual, let me know if you see any mistake.

The control logic is complex. I am not going to write it here. It is hard to 
understand even reading the source code.  Just some tips:

* Added 'Expire' database fields to control the 'Magic' fields.

* To avoid Spam, instead of using TimeStamp fields, the webapp is
  using boolean Email fields.

  If the user is suffering from Spam, instead of setting a limit
  using TimeStamp fields, it is better that she block it altogether
  by setting the boolean flags.

  The AntiSpam control is disabled by default. It can be activated
  by a user modifying the value of the boolean database fields.
  I am not going to develop the GUI which would allow the user to
  configure these options of her account because I think it is not
  a problem until we have Spam problems, and I have other more
  important tasks to do now.

As I am not a native English speaker, I am not sure if the sentences below, 
used by the sent emails, are right:

GNU Herds: Activate account
Your email has been used to create an account at GNU Herds.

To activate it follow the below link. That link will expire in 24 hours:

If you have not asked for this new account, ignore this email.

Note: To avoid 'Spam' you can only get this email at the most once each 48 
hours. If this email is Spam for you, please let it knows to  association AT


GNU Herds: Lost password?
An attempt was made to activate/register a new GNU Herds account with this 
email address. However, you have already an active account! Follow the below 
link to get your lost password if it is needed:

If you have not asked for this new account, someone else has asked for it with 
your email!


GNU Herds: Lost password?
For security reasons, GNU Herds does not send passwords by electronic mail.

To get your new password follow the below link. That link will expire in 30 

If you have not asked for a new password, ignore it and your password will not 
be changed.


GNU Herds: Change account's email
To change your GNU Herds account's email, first log in and then follow the 
below link. That link will expire in 7 days:

If you have not asked for it, just ignore this email.

Not committed yet:

M Layer-0__Site_entry_point/templates/Company_form.tpl
M Layer-0__Site_entry_point/templates/Person_form.tpl
M Layer-0__Site_entry_point/templates/non-profit_Organization_form.tpl

M Layer-2__Business_logic/content/forms/Company_form.php
M Layer-2__Business_logic/content/forms/Person_form.php
M Layer-2__Business_logic/content/forms/non-profit_Organization_form.php

M Layer-2__Business_logic/content/forms/Lost_Password_form.php

M Layer-4__DBManager_etc/DB_Manager.php

M Layer-5__DB_operation/Entity.php

M Layer-0__Site_entry_point/doc/GNUHerds__SQL_Implementation.psql

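An added example, not part of the original message and not GNU Herds code (the project is PHP; this is Python): one way 'Expire' fields can control 'Magic' fields, using the 24-hour and 7-day lifetimes from the e-mail texts above and a boolean flag that blocks a kind of e-mail. The column names (`magic_*`, `expire_*`, `block_*`), storing only a hash of the token, and the single-use behaviour are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta

# Lifetimes taken from the e-mail texts quoted in the message above.
LIFETIME = {"activate": timedelta(hours=24), "change_email": timedelta(days=7)}


def _digest(token: str) -> str:
    # Store only a hash, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_magic(row: dict, purpose: str, now: datetime):
    """Fill the hypothetical 'magic'/'expire' columns of one account row.

    Returns the token for the e-mailed link, or None when the account's
    boolean flag blocks this kind of e-mail.
    """
    if row.get("block_" + purpose, False):   # anti-spam flag, off by default
        return None
    token = secrets.token_urlsafe(32)        # 256 bits from the OS CSPRNG
    row["magic_" + purpose] = _digest(token)
    row["expire_" + purpose] = now + LIFETIME[purpose]
    return token


def redeem_magic(row: dict, purpose: str, token: str, now: datetime) -> bool:
    """Accept the token once, and only before its 'expire' value."""
    stored = row.get("magic_" + purpose)
    expires = row.get("expire_" + purpose)
    if stored is None or expires is None:
        return False
    fresh = now < expires
    match = hmac.compare_digest(stored, _digest(token))  # constant-time compare
    if not fresh or match:
        # Expired or just used: clear both columns so the link is dead.
        # A wrong guess on a live link leaves the real link usable.
        row["magic_" + purpose] = None
        row["expire_" + purpose] = None
    return fresh and match


if __name__ == "__main__":
    account = {"email": "user@example.org"}  # constructed sample row
    t0 = datetime(2007, 5, 4, 1, 34)
    tok = issue_magic(account, "activate", t0)
    print(redeem_magic(account, "activate", tok, t0 + timedelta(hours=25)))  # False
```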