moderated Re: Changing email address security issue #misc


I agree that Shal’s idea takes us in the right direction. But still not far enough. I’d get rid of it entirely.

On Feb 3, 2021, at 10:29 AM, Shal Farley <shals2nd@...> wrote:


Should I make other changes? Should the change only affect that one subscription? That is, if someone is subscribed to 2 groups, and the moderator of one of those groups changes that person's email address, should I then create a new account, splitting off that one subscription?

I would disable the ability to change the address if the member is even a member of any other groups. That's because the other groups may have sensitive information in their content to which the baddie should not gain access.

Or, make it apply to this group only. But that will be fraught with details when the new address is already an account or an alias of an account. It may be worth delving into those details if it heads us in the direction of making it possible for the member to split their account, and/or move subscriptions between accounts (having somehow authenticated ownership of both).



Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu

Join to automatically receive all group messages.