moderated Re: Changing email address security issue #misc



Should I make other changes? Should the change only affect that one subscription? That is, if someone is subscribed to 2 groups, and the moderator of one of those groups changes that person's email address, should I then create a new account, splitting off that one subscription?

I would disable the ability to change the address if the member is even a member of any other groups. That's because the other groups may have sensitive information in their content to which the baddie should not gain access.

Or, make it apply to this group only. But that will be fraught with details when the new address is already an account or an alias of an account. It may be worth delving into those details if it heads us in the direction of making it possible for the member to split their account, and/or move subscriptions between accounts (having somehow authenticated ownership of both).


Join to automatically receive all group messages.