
[savannah-help-public] [sr #109310] Loophole Creating Account


From: Rick Johnson
Subject: [savannah-help-public] [sr #109310] Loophole Creating Account
Date: Mon, 9 Apr 2018 21:58:59 -0400 (EDT)
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36

Follow-up Comment #3, sr #109310 (project administration):

Hi Bob, or TWIMC

This is definitely NOT "some bad interaction with Lastpass".  I only mentioned
LastPass to indicate that I had certainly gotten my username and password
correct.  

I am guilty of missing the idea of an email verification or forgetting about
it after the email took too long and I moved on with my life.  I also managed
to archive the verification email.
The "INVALID.NOREPLY" sender didn't encourage me to pay attention to the
verification email.

I was correct in wanting my ONE username, as this site has significant
discussion activity.

My (mis)use-case is valid.  
The site should NOT put a new account username/password into a PENDING
purgatory.  I suggest the login rejection of an attempt that actually has the
right credentials include the message that reminds about the email
verification, for instance, "Perhaps you have missed the emailed verification
link?".

Also, consider the case where the initial attempt is sent to you with a typo
in their email.  Is that covered?

And the database of PENDING credentials should time out and be purged at some
point... a day, a month, or the minimum delay consistent with your defense
against bots.

Rick Johnson  -- RickJohn57
631-921-8450 (mobile)


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?109310>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/



