urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

first answer

master
https://id.koumbit.net/anarcat 2014-09-15 16:27:44 -04:00 committed by admin
parent 70bc1a2113
commit 63e58fa590
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/bugs/notifyemail_fails_with_some_openid_providers.mdwn
View File

@ -89,3 +89,7 @@ Any other ideas? --[[anarcat]]
>>> willing to send notifications to a verified address?
>>>
>>> --[[smcv]]
>>>
>>>> hmm... true, that is a problem, especially for hostile wikis. but then any hostile site could send you such garbage - they would be spammers then. otherwise, you could ask the site manager to disable that account...
>>>>
>>>> this doesn't seem to be a very big security issue that would merit implementing a new verification mechanism, especially since we don't verify email addresses on accounts right now. what we could do however is allow password authentication on openid accounts, and allow those users to actually change settings like their email addresses. however, I don't think this should be blocking that functionality right now. --[[anarcat]]