[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers] Re: savannah.gnu.org Verification
|
From: |
Per Abrahamsen |
|
Subject: |
[Savannah-hackers] Re: savannah.gnu.org Verification |
|
Date: |
Thu, 09 Jan 2003 12:14:39 +0100 |
|
User-agent: |
Gnus/5.090007 (Oort Gnus v0.07) Emacs/21.1 (sparc-sun-solaris2.8) |
Mathieu Roy <address@hidden> writes:
> Per Abrahamsen <address@hidden> said:
>
>> Hi Hackers,
>>
>> I have not requested a password change, and the logget IP is not one I
>> use.
>>
>> The last line of the message confuses me. Am I supposed to visit the
>> "confirm change" URL even though I definitely do *not* want to confirm
>> the change?
>
> No, you are not.
>
> In fact, the way password can be changed come from the original SF
> version. And someone, Thomas Buschnell (sorry if I mispell it, do not
> remember well), noticed, it's possible to steal someone account in
> some particular case.
>
> That's why there's informations logged (IP etc).
>
> But anyway, there's not so much thing someone can do with a stolen
> account and the way it works is similar to the way every website I
> know works (I would be happy to enhance this part, but nobody ever
> proposed something actually 100% ok).
I must admit I have no idea what you are talking about.
But if one is *not* suppossed to visit the URL if the request did not
come from one self, please change the last line of the message to say
so. E.g. instead of
| If you did not request this verification, please visit this URL to
| report about it to address@hidden
write
| If you did not request this password change, do *not* visit the URL
| above, instead forward this message to address@hidden