[clue-admin] User setup for "member" accounts
Jed S. Baer
thag at frii.com
Thu Dec 30 11:23:10 MST 2004
On Thu, 30 Dec 2004 09:38:12 -0700
David Anselmi wrote:
> > 1. Maintaining email aliases. Just as we don't provide login accounts
> > for members, I recomment that we NOT provide an external means to
> > update the aliases file. We can provide an online form that submits a
> > request to the appropriate admin (or group of admins).
>
> We should spell out how these requests will be authenticated. Email
> (perhaps with a confirmation) is probably good enough but not an
> unauthenticated form.
Oh, duh. Now I see your point. :) Coffee must finally be getting through
to my head.
The auto-generated confirmation e-mail, with a Reply-To: directed back to
... I was thinking the membership officer. Most of these types of schemes,
that I've been on the receiving end of, use some sort of generated token,
to guard against spoofing. So I'm trying to think of how the membership
officer would verify the token.
I think this one needs more coffee.
jed
--
http://s88369986.onlinehome.us/freedomsight/
Key fingerprint = B027 FEFB 4281 CC72 67D1 4237 F2D0 D356 077A A30E
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
More information about the clue-admin
mailing list