savannah-hackers

[Savannah-hackers] Re: mail sent at password notice


From: Mathieu Roy
Subject: [Savannah-hackers] Re: mail sent at password notice
Date: 16 Jan 2003 12:46:00 +0100
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2

"Jaime E. Villate" <address@hidden> said:

> On Thu, Jan 16, 2003 at 08:06:12AM +0100, mathieu wrote:
> > We should add as soon as possible a message that says to avoid at any
> > cost to send in a public area the url with the hash!
> > 
> > I cannot do it right now. It would be nice if Rudy or Jaime do it
> > today. I cannot do it before tomorrow.
> 
> I will be away from my computer all day until 6 p.m. I can do something after
> that, but I do not fully understand what has to be done. I guess you are
> talking about the mechanism to warn users of the possibility of someone trying
> to steal their accounts; I do not fully understand how that was implemented
> and I'm not convinced that we needed such a mechanism.

Finally, I will do it this afternoon.

What it talks about is not really a mechanism. It's just an information
mail. But the current message sent is problematic:
        - it says that the user will get information by clicking on the
          link, which is wrong
        - it does not say that the user must avoid at any cost revealing
          this url to somebody else.

Previously, it says that users need to follow the link if they want to
change their passwd or to ignore the mail if they did not request
it. But if they do not follow the link, it's pretty dangerous: if
somebody finds their link, he can change the passwd.

This link in itself is the original SF way to permit users to change
their password and we need it.

-- 
Mathieu Roy
 
 << Profile  << http://savannah.gnu.org/users/yeupou <<
 >> Homepage >> http://yeupou.coleumes.org           >>
 << GPG Key  << http://stock.coleumes.org/gpg        <<



