This is a really good observation and I think the security risk applies not just to mods of groups. Suppose I don’t like somebody in my group and I want access to all their subscriptions to do bad things. All I’d have to do is change the email address of their whole account.
I’ve always felt queasy about the ability of a group owner to change the account address of anyone at all. That piece of data belongs at a higher level than the individual group.
As a member of several premium groups, I’m wondering now whether group owners might do this to me. Prior to this I’d only thought about it as a group owner. I’d push for eliminating this ability entirely.
On Feb 3, 2021, at 8:55 AM, Mark Fletcher <firstname.lastname@example.org> wrote:
Premium group owners have the ability to change the email addresses of their members. The email address is changed on the member's Groups.io account, so it affects all their subscriptions. As was pointed out to me privately, this presents a security issue. If a member is an owner of another group, this feature provides the ability for a nefarious group owner to take over that other group, by changing the email address of the member to a new email address controlled by the baddie.
I have changed the feature so that you cannot change the email address of a member who is a moderator or owner of a group.
Should I make other changes? Should the change only affect that one subscription? That is, if someone is subscribed to 2 groups, and the moderator of one of those groups changes that person's email address, should I then create a new Groups.io account, splitting off that one subscription?
Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu
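The authorization rule Mark describes (refuse the change when the target moderates or owns any group), modelled as an added example that is not Groups.io's code. Group, can_change_member_email and affected_subscriptions are assumed names, and the sample groups are constructed; the model treats the actor as an owner of a premium group, as in the first paragraph of the quoted message.

```python
"""Model of the account-email authorization check discussed in the thread.

Added example, not Groups.io's code. Group, can_change_member_email and
affected_subscriptions are assumed names; the groups below are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Group:
    name: str
    premium: bool
    owners: set[str] = field(default_factory=set)
    moderators: set[str] = field(default_factory=set)
    members: set[str] = field(default_factory=set)


def affected_subscriptions(account: str, all_groups: list[Group]) -> set[str]:
    """The email lives on the account, so a change touches every group the account is in."""
    return {g.name for g in all_groups if account in g.members}


def can_change_member_email(actor: str, target: str, group: Group,
                            all_groups: list[Group]) -> tuple[bool, str]:
    """Decide whether `actor`, acting as owner of `group`, may change `target`'s account email.

    The last rule is the fix described in the thread: the change is refused when the
    target moderates or owns any group, because redirecting the account email there
    would hand that group over to whoever controls the new address.
    """
    if not group.premium:
        return False, "feature is only available to premium groups"
    if actor not in group.owners:
        return False, "actor is not an owner of this group"
    if target not in group.members:
        return False, "target is not subscribed to this group"
    for g in all_groups:
        if target in g.owners or target in g.moderators:
            return False, f"target is a moderator/owner of '{g.name}'"
    return True, "allowed"


# Constructed sample data: bob owns 'chess', so an owner of 'photo' must not be
# able to redirect bob's account email and thereby inherit 'chess'.
GROUPS = [
    Group("photo", premium=True, owners={"alice"}, members={"alice", "bob", "carol"}),
    Group("chess", premium=False, owners={"bob"}, members={"bob", "dave"}),
]

if __name__ == "__main__":
    for target in ("bob", "carol"):
        print(target, affected_subscriptions(target, GROUPS),
              can_change_member_email("alice", target, GROUPS[0], GROUPS))
```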