[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-help-public] [sr #107281] Verification of account email change
From: |
Matt McCutchen |
Subject: |
[Savannah-help-public] [sr #107281] Verification of account email changes is ineffective (try 2) |
Date: |
Wed, 24 Feb 2010 23:47:06 +0000 |
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2) Gecko/20100220 Fedora/3.6.1-1.custom.fc12 Namoroka/3.6 |
Follow-up Comment #2, sr #107281 (project administration):
Additional comment (for whenever this issue is addressed): It gets worse.
The token is a function of the session cookie and the current time, so the
user can predict it without receiving either email. The confirmation and
cancellation links should use two different, /random/ tokens.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?107281>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/